GN Guide To Threat Hunting 2023
Threat Hunting
Introduction
Evolution of Threat Hunting
The history of [cyber] threat hunting can be traced back to the early days of
firewalls and antivirus software when security analysts relied on their own
those days, information about malicious code was shared among security
exchange of information often took place through email and IRC channels, and
As the cybersecurity landscape evolved, so did the methods and tools used for
response for GE-CIRT — wrote what may be the first article that described
in their enterprise. These intruders can take the form of external threats
Rather than hoping defenses will repel invaders, or that breaches will be
CTOps experts then feed the lessons learned from finding and removing
While the challenges below are not all the challenges that threat hunters face
today, they are the ones that we see most often with our customers and
community.
"Skills" Gap
Threat hunting is often perceived as an advanced skill set that requires
specialized training and expertise. This perception creates a challenge
as organizations may struggle to find or develop professionals who
possess the necessary hunting capabilities. The evolving nature of
threats and the constantly changing tactics used by adversaries demand
continuous skill enhancement and staying up-to-date with the latest
While there are some estimates in the “History” chapter of this guide, there is no
definitive data on the exact percentage of organizations that have cyber threat
hunting programs. As noted, various IT and cyber news outlets do report that
only a minority of organizations currently have formal threat hunting programs
in place, with estimates ranging from 10% to 30% based on different [vendor]
surveys. So, one easy prediction is that more organizations will incorporate
cyber threat hunting into their regular activities, and some will form dedicated
teams.
This guide will emerge at or near the midpoint of 2023. As such, this
“predictions” section would be remiss if it did not discuss the future of cyber
threat hunting in the context of large language models (LLMs) and generative
pre-trained transformers (GPTs). Before we go there, we first need to
acknowledge that a common component of any future is the need for
organizations to do a much better and far more complete job of collecting,
organizing, storing, and maintaining relevant business operations data, asset
inventories, and IT/application configurations and logs.
Assuming organizations that want to keep pace with adversaries are engaged in
threat hunting activities, and have embarked on said data-driven mission, it is
quite conceivable that natural language processing models will be developed
and refined for the aforementioned technical and process-oriented data. This
will enable organizations to continually update the corpus of information
accessible to LLM/GPT-enabled threat hunting systems, which will further
can do more than pip install some Python helper tool (i.e.,
today.
organization.
This eBook has explored the history, current challenges, and best practices of
cyber threat hunting, while also making predictions about the future of this vital
component of cybersecurity. Cyber threat hunting has evolved from a manual
process to a proactive and hypothesis-driven approach, enabling organizations
to detect and mitigate threats before they cause significant damage. However,
several challenges hinder effective threat hunting, including limited resources,
the skills gap, pattern recognition, data overload, and the need to understand
one's unique threat landscape. Implementing best practices such as developing
strong hypotheses, determining required data, and defining deliverables can
enhance threat hunting capabilities.
The future of threat hunting holds promise for organizations that invest in data-driven
approaches and leverage advanced technologies. By adopting best
practices, addressing challenges, and embracing emerging trends, organizations
can enhance their threat hunting capabilities and strengthen their overall
cybersecurity posture.
greynoise.io
Copyright © 2023 GreyNoise, Inc.