Tips and tactics of today's cybersecurity threat hunters

Having internal threat hunting capability is becoming a necessity for many organizations. Here are the most common things they look for and how they respond to incidents.

target threat hunting program sitting duck duck shooting gallery by roz woodward getty 2400x1600
Roz Woodward / Getty Images / Target

Threat hunting isn't just for the biggest organizations anymore. As the SolarWinds attack demonstrated, any size company can be vulnerable to stealthy attackers who worm their way into the enterprise. Even if a company has no assets of interest to foreign spies, financially motivated cybercriminals can use the same access points and evasion techniques.

According to IBM's Cost of a Data Breach Report 2020, the average organization takes 315 days to detect and contain a breach caused by a malicious attack. The longer the attackers stay inside your systems, the more money it costs. According to IBM, it costs companies an additional $1.12 million if it takes them more than 200 days to detect a breach.

As a result, more companies are hiring threat hunters, training existing staff on threat hunting techniques, or hiring outside firms to provide threat hunting services. "Threat hunting is absolutely a necessity in modern cyber defense," says Mark Orlando, co-founder and CEO at Bionic Cyber, who teaches threat hunting for the SANS Institute and previously worked on security issues for the Pentagon, White House, and the Department of Energy.

"When I first started in security operations, threat hunting sounded cool, but it was something that only the most advanced teams did," Orlando says. "It was optional, but now you have these high profile breaches that would not have been discovered unless you had skilled investigators who know how to hunt for these threats. There's now an awareness that it's not optional."

Tips to enhance threat hunting capabilities

To continue reading this article register now

Microsoft's very bad year for security: A timeline