The threat hunting process is missing the human element
This article is part of the Information Security issue of December 2018, Vol. 20, No. 6
The rise of the threat hunter role is butting up against the skills shortage. As more companies start to adopt security automation, the threat hunting process steps outside of the box by requiring a highly trained human element. While tier-1 and tier-2 analysts rely on alerts from systems and some combination of manual and automated workflow to escalate and respond to security events, the threat hunting process hinges on an expert's ability to create hypotheses and to hunt for patterns and indicators of compromise in data-driven networks. Usually, that means tier-3 security analysts with the experience and creativity to proactively discover tactics, techniques and procedures employed by advanced threats. Threat analyst activities require awareness of attackers' TTPs, understanding of threat intelligence and data analysis, knowledge of forensics and network security, and plenty of time to carry out these tasks. With tier-3 analysts in short supply, who is going to fill these roles? The skills dilemma may depend on how ...
Features in this issue
- Threat hunting techniques move beyond the SOC
  Tired of waiting for signs of an attack, companies are increasingly adding threat hunting capabilities to their playbooks to find likely ways their systems could be infiltrated.
- Still no answers to endpoint security protection, survey finds
  The frequency of endpoint attacks is on the rise, with 76% of IT security professionals reporting that their organization was compromised by new or zero-day (unknown) exploits.
News in this issue
- The threat hunting process is missing the human element
  Threat hunting hinges on an analyst's ability to create hypotheses and to look for indicators of compromise in your network. Do you have the resources to hunt?
Columns in this issue
- Ron Green: Keeping the payment ecosystem safe for Mastercard
  "We have invested a billion dollars over the last couple of years just in security," says Ron Green, Mastercard's chief of security, who joined the company in 2014.
- Marcus Ranum: Systems administration is in the 'crosshairs'
  After years of spirited debates and top-notch interviews, columnist Marcus Ranum is signing (sounding?) off with some final thoughts on the future of security.