Tools and Techniques for Threat Hunting and Threat Research
How the right tools can make the difference you need in staying ahead of cyber adversaries
By: Secureworks
The right tools and techniques matter. If you need to rebuild your deck, but all you have is a screwdriver and zero carpentry skill, you can struggle through mistakes and long hours—or you can call a professional with the right tools and techniques to get the job done efficiently and effectively.
The same is true in the ongoing fight against cyber adversaries. According to Keith Jarvis, Secureworks’ Senior Security Researcher and Lead for Cybercrime, and Ryan Cobb, Secureworks’ Senior Information Security Researcher and threat hunter, evolving your tools and hunting techniques is a critical step in the race against cybercrime.
At the end of the day, adversaries are humans too. And they’re also developing new tools and refining techniques. That’s why you cannot simply rely on tools and techniques you used last year, last month, or perhaps even last week.
One area that security professionals must focus on is how to scale their work. With the volume of data coming in daily, automation is no longer a luxury but a necessity. In a recent episode of The Cybersecurity Advantage podcast, Keith explains how Secureworks has put this into practice through botnet emulation as a force multiplier, taking the manual work away from individual researchers and automating it.
According to Keith, the key advantage of this automation is that a researcher’s time can be better spent researching threats and taking action. In addition, a closed-loop system, as opposed to manual entry points, shortens the time to detection.
Another technique companies are turning to in order to gather data is threat hunting. According to Ryan, companies he counsels often want to start threat hunting for the same reason: to mitigate feelings of insecurity caused by gaps in an environment.
But companies and security professionals need to be aware of one key point when beginning threat hunting. According to Ryan, you have to first know your mission-critical assets and make them front and center in your security strategy.
The number one problem Ryan sees with organizations that pursue threat hunting is that they don’t fully understand which systems matter—a problem that is exacerbated in large companies, especially ones that have grown through M&A. But there is a playbook for successful threat hunting—and Ryan shares it in the podcast, along with how to get the most out of the ATT&CK framework.
And what does increased efficiency with data and the ability to collect more data—and catalog it appropriately—mean for the future of cybersecurity? According to Keith, it is an approach that Secureworks believes will pay dividends over the long term. Data can go back decades—with efficient systems in place collecting a wide view of data, if something comes on the radar today, security professionals can take a retrospective look and build out a more effective picture.
Building the right tools and systems helps security professionals be more thorough—and isn’t that a key advantage needed against today’s adversaries? Start listening to the podcast now to hear more from Keith and Ryan, and start protecting your assets in a smarter, more efficient way.
Want to learn more about state-of-the-art Threat Hunting? Join one of Secureworks’ threat hunting experts in a virtual workshop for the critical steps you need to take to ensure you’re getting the most out of your threat hunts. Find out more and sign up here.