Threat Hunting Archives | CyberMaxx
https://www.cybermaxx.com/resources/category/threat-hunting/
Fri, 27 Sep 2024 20:21:14 +0000

The Role of Threat Hunting and Research in Strengthening Cyber Defenses
https://www.cybermaxx.com/resources/the-role-of-threat-hunting-and-research-in-strengthening-cyber-defenses/
Wed, 10 Jul 2024 20:17:27 +0000

Active threat hunting puts you in control, allowing you to find cyber threats lingering in your network before an attack. With CyberMaxx’s MaxxMDR service, you’ll have what you need to avoid costly incidents with proactive defense measures.

Understanding Threat Hunting

Threat hunting lets your business stay on the offensive. Rather than waiting for a cyber attack to come to you, threat hunting proactively searches for adversaries to stop them in their tracks. It can include scanning for indicators of compromise, malicious activity, intrusions, or other network anomalies to initiate a swift response.

Threat hunting combats sophisticated threat actors. How? By providing a modern cybersecurity solution to spot and mitigate threats before they can damage your network. And while you can get proactive, offensive services via third-party tools, CyberMaxx’s MaxxMDR solution has threat hunting built in. The result: You get end-to-end detection and response capabilities all in one provider.

The Importance of Threat Research

Robust threat research powers threat hunting. Consider how you obtain “intelligence” on a business competitor or industry to make sound decisions. Threat research is similar but for cybersecurity. It involves analyzing cyber threat trends — letting you know exactly what to look for in your network.

You might, for example, study emerging attacks, common network vulnerabilities for your industry, and evolving tactics actors are using. From there, you’ll have a solid foundation for indicators of compromise. In other words, you’ll know what to look for and anticipate during threat-hunting activity.

Staying ahead of known cyber attacks is easy. But combating emerging threats? That’s a different story. One where the “hero” is a threat research program powering your algorithms with insights on what tomorrow’s attack might bring.

How Offensive Security Services Strengthen Defenses

You’ve created your network with defense measures. So, how or where will a cyber threat actor exploit it to deliver an attack? Offensive security solutions answer that question. They let you proactively identify vulnerabilities (or even actual threats) for remediation. While we already discussed threat hunting, there are other ways to deploy offensive security:

  • Penetration testing: Simulating attacks against your network to see what’s most vulnerable or likely to be compromised. It lets you strengthen defenses by finding weak points that need additional controls before an adversary finds them.
  • Red teaming: Using professional, ethical hackers to deliver real cyber attacks against your network through common adversarial tactics. It helps you fortify against the most likely attacks by detecting security flaws.
  • Purple teaming: Applying offensive (red team) and defensive (blue team) cyber attack simulations in a collaborative environment. It lets you advance security by providing insights into prevention and detection measures.

Offensive security is proactive by default. You can use these tactics to stay ahead of threat actors by knowing where you’re most vulnerable. With those insights, you can close security gaps, beef up controls, or patch whatever weaknesses an attacker might exploit.

For example, maybe you ran a red team exercise and found you’re heavily susceptible to email phishing. Unknown addresses are getting through, and users are falling for the scam. Now you know to add security controls for your email server and provide employee awareness training.

Integration of Threat Hunting, Research, and Offensive Services in MaxxMDR

Nothing illustrates our “offense fuels defense” approach better than the CyberMaxx MaxxMDR service. It puts a nuanced spin on traditional MDR, incorporating methods that keep us ahead of adversaries. Threat research teams gain insights into emerging tactics, tools, and vulnerabilities. Based on those insights, threat hunters seek out indicators of compromise in your network for swift detection and response.

This coordinated effort, combined with powerful machine learning (ML) algorithms and automated analysis tools, is a game-changer. We can get deeper insights into (current and emerging) threat landscapes and provide end-to-end detection and response capabilities. The result: Our SOC team constantly learns and adapts to new attacks so you can deploy stronger defenses.

Jeremy Wiedner, our principal SOC analyst, explains it best:

“The proactive, human-led pursuit, guided by threat intelligence that seeks to discover adversary activity that has evaded existing security controls. Its goals are to reduce dwell time, minimize the negative impact to the business, of security incidents, reduce the attack surface, and improve overall security posture.”

Key Strategies and Techniques in Threat Hunting and Research

Effective threat hunting is nearly impossible without solid research. If you don’t know where you’re vulnerable or what emerging attack trends are, how will you know what to look for in your network? It’s a never-ending process demanding collaboration between SOC personnel, security analysts, and offensive security teams.

Concrete threat hunting and research also rely on data analysis. What do we mean?

  • Intelligence on threats making their way into your industry
  • Insights on adversarial tactics and tools
  • Event information from network traffic and system logs
  • Activity tracking to spot suspicious and anomalous activity

You can continuously update defense mechanisms if all these techniques are in place. And we don’t just mean with robust security controls. These strategies can help you adopt measures that even an adversary can’t anticipate.

Threat Hunting and Research: A Pathway to a Secure Future

Protecting yourself from yesterday’s cyber attacks won’t do you much good. Only through comprehensive threat hunting, research, and offensive services can you reliably adapt to emerging cyber-attacks. And by staying ahead, you’ll get the peace of mind you deserve — knowing you’re equipped with the most robust defensive measures.

Threat Hunting Done Right – Audio Blog
https://www.cybermaxx.com/resources/threat-hunting-done-right-audio-blog/
Wed, 12 Jun 2024 12:15:22 +0000


CyberMaxx Principal SOC Analyst Jeremy Wiedner shares the true meaning of Threat Hunting and why the connection to MDR is so important for companies to understand.


Video Transcript

Hey everyone, my name is Jeremy Wiedner, and I am a principal analyst in the Security Operations Center here at CyberMaxx.

Over the last decade, as more attention and focus has been given to threat hunting, I have continued to see confusion and misinformation about what it is persist. To this day, many security vendors are trying to cash in on this hot topic. The term threat hunting is applied to various services that are not actually threat hunting. So, as a protector of your company, how do you sift through the noise and marketing material to make sure you are getting threat hunting? Well, that very question is why we wrote this eBook. We want to help you understand what threat hunting is and is not so you can free up your time and focus on protecting your company.

Here at CyberMaxx, we define threat hunting as:

“The proactive, human-led pursuit, guided by threat intelligence that seeks to discover adversary activity, that has evaded existing security controls. Its goals are to reduce dwell time, minimize the negative impact to the business, of security incidents, reduce the attack surface, and improve overall security posture.”

You might be asking yourself why threat hunting is important to me and why I am so passionate about it. I first heard this anecdote at the start of my career in law enforcement, but it applies no less to those who have chosen cybersecurity as their profession and threat hunting in particular. It is about society, wolves, and sheepdogs.

First, we have society which is made up of kind people who enjoy going about their daily lives in their jobs and with their family and friends. They may not even realize they are a target for cybercrime.

Next, we have wolves. These are evil people in the world capable of evil deeds. They feed on society without mercy as evidenced by the many data breaches, identity theft, and ransomware events each year just to name a few.

Lastly, we have the sheepdogs who are funny critters. They live to protect society and confront the wolves. They are always sniffing around the perimeter, checking the breeze, and barking at things that go bump in the night looking for any signs of the wolf. In essence, hunting the wolf.

I am a sheepdog. As a law enforcement officer, I often went out looking, “hunting” if you will, for crime in my sector instead of just waiting for a call. I often found it and was able to keep my city safer because of it. Now, fast forward several years and I still apply this same proactive hunting in my passion for cybersecurity. I prefer to be proactive and take the fight to the wolves instead of waiting for them to strike the clients I protect. The best way to do this is by threat hunting.

So, as you dive into threat hunting, here are a couple of things to keep in mind:

  • Take on a “We have been breached but don’t know it” mentality.
  • Not every hunt is going to find a breach in your environment.
  • Other risks may be found that should be addressed to improve overall security posture.

Let’s take a moment to make the connection between Threat Hunting and MDR here at CyberMaxx. When threat hunting uncovers a previously unknown breach, it often leads to new threat intelligence and ways to detect adversary activity. This provides MDR analysts with higher fidelity alerts. In addition, when a threat hunter does find a previously undetected compromise, the response portion of MDR allows zero-latency proactive response actions to be taken to contain and mitigate the threat on the client’s behalf before ever picking up the phone.

Thank you for listening and if you would like more information please read my eBook Threat Hunting Done Right.

Threat Hunting eBook
https://www.cybermaxx.com/resources/threat-hunting-ebook/
Wed, 29 May 2024 13:00:00 +0000

Threat Hunting Done Right

Breaking through industry misconceptions and identifying emerging threats systematically

We’ve published this guide to provide a clear understanding of what threat hunting is and what it isn’t.

The security vendor community often makes this confusing by using the term to describe things that aren’t truly threat hunting.

We here at CyberMaxx define Threat Hunting as:

Threat hunting is a proactive, human-led pursuit guided by threat intelligence that seeks to discover adversary activity that has evaded existing security controls. Its goals are to reduce dwell time, minimize the negative impact of security incidents on the business, reduce the attack surface, and improve overall security posture.

The goal of this guide is to help organizations cut through this noise and create a threat hunting function that is comprehensive, effective, and seamlessly integrated with an equally effective detection and response motion.

What’s included:

  • The four definitive pillars of effective threat hunting
  • Insights into threat hunting, MDR and the Risk Reduction Flywheel
  • Anatomy of a successful threat hunt
