Threat hunting techniques move beyond the SOC
This article is part of the Information Security issue of December 2018, Vol. 20, No. 6
When James Mercer decided to hunt for potential adversaries targeting his company's data centers, the CIO of Flexi-Van Leasing Inc. looked at ways that attackers infiltrated other commercial and industrial equipment companies and searched for signs of similar attacks.

"We found a malbehaving SQL server environment by looking through the various possible threats and approaches," Mercer said. "First, there was a panic -- Oh my god, we were seeing login information -- but then we discovered it had been misconfigured by someone many years ago."

Although the hunt did not reveal an actual attack, the process convinced Mercer that using threat hunting techniques is a valuable exercise. "An ounce of prevention -- that's the great value of threat hunting," he said. "It is not about whether you find something or not, but whether you find a pathway that could have been exploited."

For that reason, the 250-person firm, headquartered in Kenilworth, N.J., has become more invested in threat hunting techniques. It's an advanced capability ...
Features in this issue
- Threat hunting techniques move beyond the SOC
  Tired of waiting for signs of an attack, companies are increasingly adding threat hunting capabilities to their playbooks to find likely ways their systems could be infiltrated.
- Still no answers to endpoint security protection, survey finds
  The frequency of endpoint attacks is on the rise, with 76% of IT security professionals reporting that their organization was compromised by new or zero-day (unknown) exploits.
News in this issue
- The threat hunting process is missing the human element
  Threat hunting hinges on an analyst's ability to create hypotheses and to look for indicators of compromise in your network. Do you have the resources to hunt?
Columns in this issue
- Ron Green: Keeping the payment ecosystem safe for Mastercard
  "We have invested a billion dollars over the last couple of years just in security," says Ron Green, Mastercard's chief of security, who joined the company in 2014.
- Marcus Ranum: Systems administration is in the 'crosshairs'
  After years of spirited debates and top-notch interviews, columnist Marcus Ranum is signing (sounding?) off with some final thoughts on the future of security.