Cyber hunting has increasingly become a hot topic in the security industry.
Some great articles have recently been published to introduce security and IT pros to the concept and highlight why it’s essential for cybersecurity best practices.
And it’s for good reason. Cyber hunting changes the traditional security posture from focusing on keeping attackers outside of the perimeter, to accepting that threats can make it past defensive walls and into our networks and data with advanced persistent threat (APT) tactics and malware infections. These compromises on average lay undetected for 169 globally, and in EMEA take a whopping 469 days to discover. And every day a compromise lays undetected allows the attacker to gain access to new systems and critical information.
Threat hunting puts you on the offensive to actively seek out threats including malware and APTs that have already reached the inner layers of your networks and endpoints unbeknownst to network operators, and undetectable using existing EDR and Antivirus controls. The goal is to discover a dormant threat before it becomes active or stop an active threat quickly before it causes damage – because the faster a threat can be identified and stopped, the less information that can make its way out of your systems.
However, industry commentators and experts alike all seem to agree that the only way to do this is using highly skilled and trained forensic threat hunting teams. In fact an article on Why It’s Always Cyber Hunting Season (& What To Do About It) in Dark Reading recently suggested that we need to train the next generation of cyber hunters if we’re to get ahead of this fight. While the theme of the article is absolutely true – it should always be cyber hunting season and EDR and antivirus are not adequate solutions at stopping every threat at the gates – cyber hunting doesn’t have to be a manual process, nor do we need to wait for a new generation of hunters to be trained.
Why you ask given every article out there suggests that only a skilled forensics expert can do the job? That’s because technology is also evolving to meet the needs of modern cyber hunting. At Infocyte, we have taken the years of experience and processes that our founders developed while standing up the US Airforce’s first cyber hunt team and developed a solution tailored specifically for threat hunting.
Infocyte takes what traditionally has involved highly manual processes and specialized forensics knowledge and developed a tool to automate the hunt that can be used by an organization’s own administrators and IT Security professionals. Infocyte HUNT automates a proven hunt process to improve the speed and efficacy of post-compromise detection from enumerating the network; to scanning endpoints for a sign of malware or compromise; to producing easy to understand reports that pinpoint threats and suspicious code and dynamically assign a score based on the severity of the threat. It also provides a consistent and repeatable process to not just validate the health of a network, but ensure endpoints remain compromise free.
The end result is a comprehensive solution that any security or IT team can use to hunt and resolve threats without specialized knowledge or extensive training.
If you’re looking to add cyber hunting to your security tactics, learn how you can empower your team to start hunting today instead of waiting for the next generation cyber talent.
More from our blog
Despite the rich data provided by SIEMs, organizations find themselves drowning in false positives, making it difficult to focus on high-priority events. This problem of alert fatigue prevents cyber security teams from identifying and addressing real threats – impacting small teams with no SOC, large enterprise teams with a SOC, and MSSPs overseeing the security for many SOCs/customers.Read More »
In 2018, the U.S. Healthcare Industry Remained a Hot Target for Data Breaches. Last year alone, over 15 million patient records were affected with an average of one data breach occurring every 24 hours in the healthcare industry. It goes without saying that hackers and cyber attackers are finding ways around/through/past security defenses—exploiting vulnerabilities and…Read More »
A Brief History of Forensic State Analysis Prior to starting Infocyte, our co-founders, Chris Gerritz and Russ Morris, created the first enterprise-scoped threat hunting team for the entire U.S. Department of Defense. Their teams were responsible for hunting, detecting, and responding to highly sophisticated attacks across an 800,000-node network. With virtually unlimited resources and access…Read More »