Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More

Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More

Services
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Security
Unlock the full power of Microsoft Security
Offensive Security
Solutions to maximize your security ROI
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

3 Ways Your Threat Hunting Program Could Be Failing You

As a concept, threat hunting has a somewhat glitzy name and, on the surface, may appear to be a project that an organization can pull off by simply adding a couple of automatic detection tools and then tasking a few security staffers to keep an eye on the results that pour in.

Nothing could be further from the truth. In fact, to be conducted properly, threat hunting requires an integrated team of security specialists using a platform specifically designed for threat hunting.

Gartner defines threat hunting as searching for security threats by looking for traces of attackers, past and present, in an IT environment. Organizations that employ threat hunting use an analyst-centric process to uncover hidden, advanced threats missed by automated, preventative and detective controls.

However, if an organization does not handle threat hunting correctly, the information gathered will be of little use, and the defense put in place will likely be ineffective.

Here are three common ways a threat hunting program goes off track.

1. A Lack of Human Involvement

As Gartner’s definition states, threat hunting is an analyst or human-driven endeavor. The concept of threat hunting is often incorrectly defined as being centered on security teams simply detecting threats using automated tools. However, a human element must be involved when creating a successful threat hunting team.

Specifically, it’s critically important that an organization have a security staff with the experience and training to conduct threat hunting properly. The task is not something that just anyone can handle. It requires a certain mindset and level of training to do so correctly.

2. Being Passive

Threat hunting is a proactive activity conducted by security teams that combines automated tools, such as Endpoint Detection and Response (EDR), with analysts using a hands-on approach to parse through the data for adversaries and infiltration vectors they can exploit. The people in the chain must actively search through the data being gathered, looking for anomalous behavior that tools alone won’t detect. 

3. No Preparation

A team cannot simply start “threat hunting.” There are a number of preparatory actions a team must implement before the project commences. First, the team charged with protecting an organization must answer a list of questions that will help create a profile that will guide the defenders during their task.

A good threat hunting team will begin this process when it takes on a project to gather up information on the environments involved, discover what threat actors have been actively attacking such environments, determine what the attackers are looking to accomplish, and where similar organizations have been shown to be vulnerable.

The intelligence gathered through this process is used to generate a custom hunt for that customer, relying on field experience to help find where the attackers typically are and what tactics they tend to use.

Interested in learning what other attributes a good threat hunting program should have? Download our Proactive Threat Hunting Data Sheet below.

 


17135_proactive-threat-hunting_cover
DATA SHEET

Trustwave Proactive Threat Hunting

People are at the core of threat hunting and central to the practice. Trustwave Proactive Threat Hunting combines human-driven and automated process with supported technologies in your existing environment and our purpose-built threat hunting capabilities to help you get ahead of your adversaries.

 


ABOUT TRUSTWAVE

Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.

Latest Intelligence

Discover how our specialists can tailor a security program to fit the needs of
your organization.

Request a Demo