Hunt With Intention: Why You Should Adopt Threat Hunting and How to Get Started

I always find it funny when I come across a news story about cybercrime that uses an image of a young person alone in a dark room, cloaked in a black hoodie, tapping away feverishly on a personal computer. It seems the image of a young Matthew Broderick as a lone hacker in the 1983 film “WarGames” is what comes to mind when most people think of cyber aggressors or threat actors. This could not be further from the truth.


Today’s threat actors are highly intelligent, well-organized, motivated and focused on their intended targets — which include you, your organization and anyone else in their sights. No matter who they are, where they live or how they dress, these malicious actors could be lurking on your network or threatening to break through. The purpose of threat hunting is to thwart this nefarious behavior before it causes any damage to the enterprise.


Today’s threat actors use sophisticated attack methods to achieve their illegal goals. These attacks can come from multiple threat surfaces, such as malicious insiders, fraud, asset misappropriation and other cyber risks. From the outside looking in, organizations often have vulnerabilities at multiple levels — in their networks, in their people and in publicly available information. Information that is available on the open web, such as annual reports, operational assurances, and access to staff via email and social media, can be a treasure trove for threat actors looking for a way to breach a company. This data gives threat actors additional collateral to study their targets even before they launch their attack.


Unfortunately, commercial organizations do not know by whom, when, where or how a well-planned attack will strike. Even with our best rule-based defenses and solutions, we have limitations. Embedded rules that we typically us ..