Page 51 - Dataquest
INTELLIGENT COMPUTING | SECURITY
transition to cloud services? The intensity of a potential malicious breach?

SIGNIFICANCE OF THREAT HUNTING
This is where Threat Hunting can play a key part. Threat Hunting is a proactive and iterative approach to security and enables the company to answer the questions above. In essence, it is the process of looking for the traces of attackers (past and present) in your IT environment. The process helps find those traces before any alerts of their activities are generated by security devices. Threat Hunting enables the company to consistently address the following:
• Maintain a continuous threat awareness
• Hunt for unknown behavior-based anomalies
• Analyze threat intelligence feeds and convert them into actionable tasks
• Aid in providing input to the monitoring team

KEY CHARACTERISTICS OF THREAT HUNTING
Threat Hunting is an analyst-centric process which requires a significant investment of personnel, equipment, and time. The advanced knowledge a hunter possesses of the Enterprise Threat Landscape and his Data Analysis skills are the two primary aspects of threat hunting. It is not about waiting for an alert or another signal; rather, it's about going and looking for an intruder before any alerts are generated. Most experts agree that hunting is not about following the rules, but about a creative process and a loose methodology focused on outsmarting a skilled human attacker on the other side.

VALUE PROPOSITION OF THREAT HUNTING FOR AN ORGANIZATION
Immeasurable sums of money, manpower and time have been invested in developing a resilient security infrastructure. However, organizations still struggle to identify and respond to cyber intrusions in a timely manner. Threat Hunting has recently emerged as a proactive defense asset capable of methodically detecting and responding to advanced security threats that bypass the traditional rule or signature-based security solutions. An organization equipped with Threat Hunting is better enabled to uncover hidden and entrenched threats as it reduces the attack surface resulting from discovered and removed weaknesses. Threat Hunting allows for sweeping systems clean before a critical mission or business transaction. It paves the way to validate that the controls, both preventative and detective, are actually working, and no threats are entrenched in the environment.

Threat Hunting is a way to flip the age-old security maxim, “the defender needs to close all holes, but the attacker needs to just find one hole to get in.” Specifically, with hunting, an attacker’s sole mistake is likely to lead to their discovery and removal, while the defender can cast its net many times to find the mistake.

(The author is Solution Architect, LTI)
A CyberMedia Publication | www.dqindia.com | January, 2018