Going from responding to incidents to actively hunting threats is a stance shift that requires maturity in your cybersecurity journey. It also requires having access to the right threat intelligence, the right visibility across your environment, as well as the right tools to do the job.
Advances in data science and artificial intelligence can help organizations bridge the maturity gap, but we shouldn’t forget that it’s ultimately a human with financial or geopolitical interests who’s behind these attacks. Also the same technology is available to both sides, and just as quickly as new models become more effective at threat detection, malicious actors grow more capable at confusing those models.
Likewise, organizations now have access to threat intelligence sources through various vendors and platforms. Yet many are not necessarily seeing all the value threat intelligence can bring because they don't understand how to operationalize it or they are not taking advance of the tools that can help them automate and accelerate their threat-hunting programs.
At the same time many security practitioners still struggle with the basics, the three big “knows” that every organization should focus on: knowing your enemy, knowing your network, and knowing your tools. Why? In many cases they are too busy responding to alerts and false positives to do what's needed for a threat-hunting program to be successful.
What should organizations do in 2023 to take a more proactive stance, operationalize threat intelligence and focus on maturing their threat hunting program?
Join Ismael Valenzuela, SANS author and Senior instructor for the 2023 Cyber Solutions Fest - Threat Hunting and Intelligence Track, and hear talks on: