Where Does your Agency Stand on the Cyber Threat Hunting Maturity Model?
Many organizations are quickly discovering that cyber threat hunting is the next step in the evolution of the modern Security Operations Center (SOC).
But what is “hunting”?
Sqrrl, a leader in big data analytics and cybersecurity, defines hunting as “the process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions.”
It’s a process that involves many different techniques. None of them is a silver bullet, and the best choice often depends on the type of activity you’re trying to find. These techniques can be manual or machine-assisted (as opposed to relying only on automated tools like SIEMs). Hunting is also a process that stresses detection over alerting. One of the main goals of threat hunting is to improve automated detection by prototyping new ways to detect malicious activity and turning those prototypes into effective new automations.
So what makes up a good hunting infrastructure and how can you determine where your organization stands on the road to effective threat hunting?
There’s a good chance you’ve already got some level of initial or minimal hunting best practices, tools, and techniques in place. But to gauge your agency’s hunting ability, it’s important to consider a number of factors, including:
• The quantity and quality of the data you collect;
• Ways you can visualize and analyze various types of data;
• Kinds of automated analytics you can apply to data to enhance analyst insights.
The quality and quantity of the data that an organization routinely collects from its IT environment is a strong factor in determining its level of Hunting Maturity.
To learn more about how you can determine where you stand on the hunting maturity ladder and scale your organization’s hunting capabilities, check out Sqrrl’s whitepaper: A Framework for Cyber Threat Hunting.