The other day I was with a group of neighbors discussing preventions and remedies for the recent package thefts and home invasions sweeping our typically safe, quiet neighborhood. “Ella,” who lives just down the block from me, jumped in to unveil her story of how she handled a suspected prowler: After turning off the TV for the night, she heard a bump and rustle of bushes coming from the backyard shadows. Was someone lurking, looking for an ingress?
She secured her phone, grabbed her weapon and flashlight, flipped the lock, and stepped into the finite glow of her patio light. She listened…then called out, “I heard you, I know you’re out there. I’ve dialed 911 and I am armed!” She waited. She repeated her declaration. Then Ella stepped out of the light into the shapes of the night. She softly padded around the perimeter of her property, stabbing the darkness with her flashlight and shaking bushes, all the while threatening to “take matters into her own hands” if she found the perp before the police arrived.
If there ever was a stalker, she insisted she scared them off, defending her audacious act with, “I’m not going to be a sitting duck. If someone is trying to get me, I’m going to get them first.”
Though pursuing an unknown assailant in the dark of night may not be the safest approach for an older, single woman, the concept as a whole is a fresh, strategic approach to fighting cyber criminals: the prey stalks the hunter.
Up until now, cyber security focused primarily on blocking attempted attacks at the ‘front door’ and reacting to breaches after entry. But hackers are stepping up their game, masking their presence and avoiding detection for ever-increasing timespans. Their ever-evolving sophistication and stealth call for a more aggressive, offensive posture. Recent headlines echo this call with reports of major corporations failing to detect breaches for months, even years, after the initial infiltration.
43% of cyber security professionals claim cyber crime is developing faster than security tools [2]
Now organizations are going on the offensive. Rather than waiting for attackers to reveal themselves, IT teams are proactively engaging the invaders. They’re beginning to hunt the hunters. The SANS Institute defines ‘threat hunting’ as “a focused and iterative approach to searching out, identifying and understanding adversaries that have entered the defender’s networks.” If such a method is applied appropriately, it can significantly diminish threat exposure and eliminate further damage.
It’s a different way of looking at an attack. Rather than simply defending your network territory by discovering the malicious tools, you seek out the human behind them. This asks that you enter the mind of your adversary: know your enemy. Consider where he may be hiding, what he may be after, and what systems or vulnerabilities he could exploit, and look to defending those first.
35% of security and IT professionals believe there is a cyber security skills shortage [2]
To that end, this technique requires a formidable response team. If you cannot rapidly respond to and recover from the threat, stalking the hacker will have little impact. You must be ‘sticky’ where the intruder is ‘slippery.’ You must know what to look for, where to look for it, and when. And that demands a great deal of multi-source data correlation and analysis, internal telemetry, and external threat intelligence, facilitated through automation. For this, a trained analyst, well-versed in cyber forensics, malware analysis, and security operations, becomes essential to your team as well.
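To make the two preceding ideas concrete, here is an added example, not code from the original post or from Assurance Software, of what a small automated hunt looks like: internal telemetry (a web-proxy log) is correlated with an external threat-intelligence feed, a second hunt looks for behaviour no indicator list would catch (a host calling the same destination at a clockwork interval), and the findings are ranked by which systems matter most if compromised. Every log line, hostname, domain, feed entry and asset label is constructed for the illustration; the log format and field names are assumptions, not any vendor's format.

```python
"""Illustrative threat-hunting correlation over constructed data.

All log lines, hostnames, destinations, feed entries and asset labels below
are made up for this example; none describe a real incident or indicator.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed proxy log: timestamp, source host, destination, bytes sent.
PROXY_LOG = """\
2024-03-01T09:00:00 ws-17 updates.example-vendor.test 4812
2024-03-01T09:05:00 ws-17 cdn.example-vendor.test 120033
2024-03-01T09:10:00 ws-17 c2-lookalike.example.invalid 512
2024-03-01T09:20:00 ws-17 c2-lookalike.example.invalid 498
2024-03-01T09:30:00 ws-17 c2-lookalike.example.invalid 530
2024-03-01T09:40:00 ws-17 c2-lookalike.example.invalid 501
2024-03-01T09:12:00 ws-22 mail.example-corp.test 22010
2024-03-01T09:15:00 ws-22 known-bad.example.invalid 900
"""

# Constructed external threat-intelligence feed: indicator -> context.
THREAT_INTEL = {
    "known-bad.example.invalid": "feed-A: malware distribution",
}

# Constructed asset inventory: what the attacker may be after, so those
# systems get looked at first (the "know your enemy" point in the post).
ASSET_CRITICALITY = {"ws-17": "high (finance)", "ws-22": "medium (marketing)"}

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d+)$")


def parse_proxy_log(text):
    """Turn raw log text into event dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, host, dest, nbytes = m.groups()
        events.append({"ts": datetime.fromisoformat(ts), "host": host,
                       "dest": dest, "bytes": int(nbytes)})
    return events


def match_indicators(events, intel):
    """Hunt 1: correlate internal telemetry with external indicators."""
    return [{"kind": "indicator", "host": e["host"], "dest": e["dest"],
             "detail": intel[e["dest"]]}
            for e in events if e["dest"] in intel]


def find_beacons(events, min_hits=4, max_jitter=0.2):
    """Hunt 2: behavioural, no indicator needed. Flag a host that contacts the
    same destination at least min_hits times at a near-constant interval
    (every gap within max_jitter of the mean gap)."""
    by_pair = defaultdict(list)
    for e in events:
        by_pair[(e["host"], e["dest"])].append(e["ts"])
    findings = []
    for (host, dest), stamps in by_pair.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = sum(gaps) / len(gaps)
        if mean <= 0:
            continue
        jitter = max(abs(g - mean) for g in gaps) / mean
        if jitter <= max_jitter:
            findings.append({"kind": "beacon", "host": host, "dest": dest,
                             "interval_s": mean, "hits": len(stamps)})
    return findings


def hunt(log_text, intel, criticality):
    """Run both hunts and rank findings by the criticality of the affected asset."""
    events = parse_proxy_log(log_text)
    findings = match_indicators(events, intel) + find_beacons(events)
    for f in findings:
        f["asset"] = criticality.get(f["host"], "unknown")
    rank = {"high": 0, "medium": 1}
    findings.sort(key=lambda f: rank.get(f["asset"].split()[0], 2))
    return findings


if __name__ == "__main__":
    for finding in hunt(PROXY_LOG, THREAT_INTEL, ASSET_CRITICALITY):
        print(finding)
```

Running it lists the finance workstation's ten-minute beacon to an unlisted domain ahead of the marketing workstation's hit on a known indicator: the indicator match is the easy part, while the beacon only surfaces because the hunt asks a question about behaviour rather than waiting for a feed to name the destination. In a real program the log would come from the proxy or SIEM, the feed from a subscribed intelligence source, and the thresholds would be tuned against the environment's normal traffic.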
45% of enterprises engage in some degree of threat hunting, even if on an ad hoc basis
Such an involved pursuit may seem daunting, in terms of both budget and time, but the risks of forgoing the effort could tally higher. Forward-thinking enterprises are beginning to establish threat-hunting protocols. A 2017 SANS Institute survey of 306 organizations found that 27% employed mature threat-hunting programs. Respondents noted that speed and accuracy were their biggest gains in measurable improvements.
Pursuing the perpetrators assumes a more aggressive battle stance in the fight against cyber crime. Together with in-depth risk assessments and well-constructed business continuity and incident response plans, threat hunting bolsters an organization’s cyber resiliency.
1. Proactive Threat Hunting: Taking the Fight to the Enemy, Juniper Networks, 2018
2. Understand the Threats and Fortify Your Defenses, Juniper Networks, 2018
Written by Angie Longacre
As a writer for Assurance Software, Angie devotes her craft to promoting business continuity and disaster recovery awareness, and trumpeting Assurance Software’s invaluable benefits for both. When she’s not commanding the keyboard, you can find her outside for a run, searching for her next antique treasure, or lost in a good book.