
Threat Hunting: Five steps for successful hunting
May 13, 2022 Sophos Cybersecurity, Cyber Threat, Cyberattacks
In the latest State of Ransomware 2022 Report, 59 percent of the organizations surveyed reported an increase in the sophistication of cyberattacks over the past year. Well over half are therefore aware that cybercriminals are more cunning than ever and increasingly rely on covert, human-operated techniques in their attacks. As a result, security teams are increasingly turning to proactive threat hunting to stop these advanced threats before they cause damage.
Sophos has created the guide "Getting Started With Threat Hunting" specifically for this topic. The guide provides a practical description of what threat hunting is and why it is part of today's holistic security strategy. It also explains what tools and frameworks security teams can use to stay ahead of the latest threats and respond quickly to potential attacks.
Five elementary steps to prepare for threat hunting
Crucial to threat hunting are the appropriate fundamentals. With just five steps, IT and security teams can gear up for a successful hunt:
- Determine the maturity of current cybersecurity operations
Mapping all processes to a cybersecurity maturity model that indicates the level of development and progress (for example, the CMMC) is a good way to assess the organization's potential capability for successful threat hunting. This exercise also examines the existing security infrastructure and how exposed it is to threats.
- Decide on the tactics for threat hunting
Once the maturity level has been assessed, the organization can decide how threat hunting will be conducted: internally, outsourced to a specialized IT service provider, or a mix of both.
- Identify technology gaps
Reviewing and assessing the existing tools shows what is additionally needed for a threat hunt. The two key questions here are: How effective is the prevention technology? Does it provide supporting threat-hunting capabilities (for example, the telemetry and search functions hunters need)?
- Identify skill gaps
Threat hunting requires specialized skills. If the IT or security team lacks the necessary experience, it should be educated and trained for threat hunting. Alternatively, an external specialist can fill the knowledge gaps.
- Prepare the emergency plan
A response to a cyber emergency can only be as good as its plan and the process chains and responsibilities defined in it. Such a plan is essential for ensuring fast, appropriate and controlled action and for minimizing the impact of an attack.
Detailed information on successful threat hunting is provided in the Sophos whitepaper "Getting Started With Threat Hunting".
Original blog post by Jörg Schindler - Senior PR Manager at Sophos