The practice of cyberthreat hunting traps elusive prey lurking inside networks.
BY SANDRA JONTZ
A new paradigm afoot in cyberspace helps security analysts better manage manpower and technologies to defend networks against the quotidian volley of intrusions taxing global enterprises.
The confluence of cyber defense and offense has given rise to the practice of threat hunting: aggressively seeking adversaries rather than waiting to learn that they have breached network security perimeters. The technique has gained traction after a lackluster start short on focus and structure, says Monzy Merza, director of cyber research and chief security evangelist for Splunk.
A few years ago, Merza says, information technologists might have been working a network trouble ticket one moment only to switch to threat hunting the next, often without a clear target. “They thought hunting was cool. They wanted to do the next level thing, and it was the new sexy. The general vernacular around threat hunting used to be: ‘What are you looking for?’ ‘I’ll know it when I see it,’” he says.
But missions suffered, and organizations wasted resources.
Security managers began implementing formal training programs for staff, adopting automation technologies and setting parameters to clearly define adversaries: who they might be, what they might want and what to do when discovered, Merza