Threat Hunting: Five steps for successful hunting
According to the latest State of Ransomware 2022 report, 59 per cent of the companies surveyed noted an increase in the complexity of cyber-attacks. Well over half are aware that cybercriminals are more cunning than ever and are increasingly using covert, manual techniques in their attacks. As a result, security teams are increasingly turning to proactive threat hunting to stop these advanced threats.
For this topic, Sophos has produced the guide "Getting Started With Threat Hunting". In it, the security experts describe in practical terms exactly what threat hunting is, why it is necessary today, and why it belongs in a holistic security strategy. The guide also explains which tools and frameworks security teams can use to stay ahead of the latest threats and react quickly to potential attacks.
Five basic steps to prepare for threat hunting
Crucial to threat hunting are the appropriate basics. With just five steps, IT and security teams can prepare themselves for a successful hunt:
- Determine the maturity level of current cybersecurity operations.
Mapping all processes to a cybersecurity maturity model that indicates the level of development and progress (for example, the CMMC) is a good way to determine the potential for successful threat hunting. In addition, the existing security infrastructure and its vulnerability to threats are examined.
- Tactics for threat hunting
Once the maturity level has been assessed, threat hunting can be carried out internally, outsourced to a specialised IT service provider, or as a mixture of both.
- Identification of technological gaps
By examining and assessing existing tools, it is possible to determine which additional tools are needed for threat hunting. The two key questions are: How effective is the prevention technology? Does it have supporting threat-hunting functions?
- Identify skill gaps
Threat hunting requires specialised skills. If an IT or security team does not have the necessary experience, it should be educated and trained for threat hunting. Alternatively, an external specialist can fill the knowledge gaps.
- The emergency plan
A response to a cyber emergency can only be as good as its plan and the process chains and responsibilities defined in it. Such a plan is essential for ensuring appropriate, controlled actions and for keeping the impact of an attack to a minimum.
Detailed information for successful threat hunting is described in the Sophos white paper Getting Started With Threat Hunting.
Original blog post by Jörg Schindler - Senior PR Manager at Sophos