Best Practices for Network Security Threat Hunting
Security threats continually change. New forms of malware and ransomware appear every year. The unfortunate implication is that security engineers and architects also need to change, or at least augment, their security tactics every year. These configuration changes often involve a lot of pain for the security staff. Attackers understand this; in fact, they are counting on it. Pain often means delays in changing the network, which gives their attacks more time to work.
While this cycle will never stop, another strategy to consider is threat hunting. This tactic does not replace the need to patch firewalls and other devices or to carry out other routine security activities. However, you may find that it delivers an additional, proactive way of addressing changing security threats to your network.
Threat hunting is a set of activities to actively investigate threats that have already infiltrated your network. It includes looking at data at rest (such as data lakes) and data in motion (such as the traffic flowing in and out of servers). This capability allows you to deploy a solution that analyzes data either in real time or at a later date to determine whether your network has been compromised, and to examine threats at each stage of the kill chain.
To learn how you can go beyond the traditional perimeter security provided by a firewall, IPS, or other devices, watch this webinar, Best Practices for Network Security Threat Hunting. Speakers from ExtraHop and Ixia illustrate the benefits of threat hunting and provide best practices for the deployment of threat hunting solutions.
If you want more information on this topic, try reading this white paper, Threat Hunting 101.