Over the last few years, one of the characteristics most commonly sought after by professionals on the lookout for new talent for their companies has been proactivity. Adam Grant, a Wharton School professor and one of the most influential authors in organizational psychology, defines proactivity as “anticipatory action that employees take to impact themselves and/or their environments.”
This very trait is increasingly important for corporate cybersecurity. A recent study by ESG, carried out among IT professionals, showed that 53% of organizations have reported a problematic shortage of cybersecurity skills in their teams. One of the particular difficulties that stands out is the challenge of finding candidates that bring a proactive attitude in terms of searching for and anticipating threats, going beyond the traditional approaches of responding to cyberattackers. As we’ve pointed out before, proactivity is the key to threat hunting.
Why are more and more companies opting for threat hunting?
Traditional cybersecurity measures such as firewalls, intrusion detection systems (IDS), sandboxing or SIEM solutions usually focus on post-incident investigations. These measures are still relevant, as organizations still need responses to common cyberattacks.
However, cyberattacks are increasingly stealthy and intelligent, and happen more frequently. In our cybersecurity predictions for this year, we highlighted the fact that 62% of companies say that they have suffered cyberattacks that didn’t use malware signatures. Other examples, such as attacks using chatbots, malicious inbound marketing techniques, and other attacks based on artificial intelligence all prove how sophisticated new cyberattacks can be. Companies are well aware of this, and have taken appropriate measures: 43% now carry out continuous threat hunting as part of their cyberrisk prevention strategy; 65% predict increased investment in these kinds of tools in the coming years (SANS Threat Hunting Survey)
What is the profile of professional Threat Hunters?
These new threats have also caused a great evolution in the profile of cyberattackers: while we still see amateurs, many are now highly professionalized, with specialized training and vast resources provided by companies or even foreign powers. Cybercrime is now an extremely lucrative, far-reaching business. It is therefore vital for cybersecurity professionals’ profiles to be on a par with those of cybercriminals. This means, going beyond traditional techniques and opting for active searches on corporate networks, using a process based on hypotheses and evidence. As we can see, it is clear that proactivity is a key skill for a good threat hunter. But it is not the only one. Below, we’ll go over the characteristics that every threat hunting professional should have.
- Technical knowledge: Before undertaking any threat hunting process, it is vital to have professionals who have knowledge and experience in the cybersecurity world. They need to know the focus of traditional endpoint protection tools (EPP), but also the new approach: Endpoint Detection and Response (EDR), which involves the use of real time monitoring tools, something that is vital for threat hunting.
- Corporate and geopolitical vision: cyberattackers are becoming more professional, and now belong to organizations or even states. Threat hunters must therefore know the corporate and geopolitical context that may be motivating these cyberattacks. Technical knowledge is fundamental, but it is increasingly necessary to have ideas that bring us closer to a more general vision in order to get ahead of cyberattacks.
- Creativity: the first step in the threat hunting process is to create hypotheses in order to seek out potential threats. The threat hunter must therefore come up with possible scenarios, bearing in mind numerous elements and attack vectors that may not be so obvious to traditional cybersecurity solutions.
- Mastery of the empirical method: once hypotheses have been created, the next step in the threat hunting process is to validate them, searching for evidence, and discovering patterns. These stages are similar to those followed by a research scientist. As such, threat hunters need to have a decent understanding of work methods based on analysis and evidence. Threat hunters are not so different from scientists who make great discoveries.
Panda Security threat hunting
At Panda Security we have a great team of threat hunting professionals behind our managed service, which we offer to our clients in order to perfect the response to hackers and insiders. Our machine learning based solutions can classify 99.98% of threats. For the remaining 0.02%, organizations have available to them our threat hunters. Our threat hunting team carries out investigations to uncover the main cause of threats and to establish an action plan to mitigate them. These investigations are based on attack patterns that are automatically discovered by our solution Panda Adaptive Defense, which analyzes anomalous behaviors from users and computers. This way, our experts can identify IoAs of malware (both known and unknown) and malwareless attacks in real time.
Do you want to know more about our threat hunters? On May 23, in the Coliseum Theatre in Madrid, we’re holding the largest European cybersecurity event, PASS2019. At the event, we will discuss new attack trends, the most cutting edge cybersecurity solutions, all with a special focus on threat hunting. Find out how to hunt down threats!
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
