How Target evolved its threat hunting program: 3 key steps

Target decided to re-evaluate its successful threat hunting program and found it could do better. This is what they did.

target threat hunting program sitting duck duck shooting gallery by roz woodward getty 2400x1600
Roz Woodward / Getty Images / Target

Threat hunting – proactively searching through your own company’s networks to hunt for attacks that might evade other security measures – often signifies a company with a mature and well-resourced security organization. But just as threat actors are constantly evolving, organizations should be willing to reassess and change their security programs, even if they think they are working well.

Retail giant Target, for example, had a mature threat hunting program, but the company decided it was time for a refresh to ensure the program was fit for purpose and still helping the business.

Evolution of a mature threat hunting program

Target’s threat hunting program had been in place for five years when it decided to do a “soup to nuts” reworking of the program, the company's Principal Engineer of Cybersecurity David Bianco told attendees at the SANS Threat Hunting Summit in London last month.

“It was time to evolve that program into something more modern,” he said. “Not that there was anything wrong with it, but we had just had essentially the same program for several years and wanted to see if there were any updates that should be made.”

To continue reading this article register now

The 10 most powerful cybersecurity companies