Threat hunting is all the rage. But what the heck is it? "Ask 10 InfoSec professionals to define threat hunting, and you'll get 11 different answers," writes John Dwyer in his Black Hat session abstract. Will we get to hear the 12th definition in this episode?
About the session, "The Open Threat Hunting Framework: Enabling Organizations to Build, Operationalize, and Scale Threat Hunting"
"Ask 10 infosec professionals to define threat hunting and you'll get 11 different answers." Threat hunting is one of those interesting components of cybersecurity where everyone knows they should be doing it but not everyone can fully articulate what threat hunting is.
In our roles as threat hunters, we're lucky enough to witness and evaluate the hunt programs of Fortune 100 companies, state and national governments, and partners and MSPs. This experience has shown us that one person's definition of threat hunting does not necessarily equal another's.
If you do an Internet search for "how to build a threat hunting program" there are plenty of results and some include great insights into what makes a threat hunting program effective. However, while resources do exist, they're often tied to a specific vendor or a particular product and the best way to hunt using it. There's useful information, but you're left trying to find a way to make the proposed processes and techniques work for your environment and not the one driven by the vendor.
"If you don't like the road you're walking, start paving another one." It's with that in mind that we're releasing a free threat hunting framework, not tied to any particular technology, that can help organizations start a threat hunting program as well as improve threat hunting operations for existing programs.
This framework will enable organizations to take control of building a threat hunting program by providing a clear path to operationalizing threat hunting as well as a well-defined threat hunting process to ensure threat hunters are set up for success.
We've responded to far too many incidents that could have been prevented with solid threat hunting operations and we hope this project can help prevent future incidents.
Be sure to catch all of our conversations from Black Hat and DEF CON 2022 at https://www.itspm.ag/bhdc22
____________________________
Guest
John Dwyer
Head of Research at IBM X-Force [@IBM | @XForceIR | @IBMSecurity]
On LinkedIn | https://www.linkedin.com/in/john-dwyer-xforce/
On Twitter | https://twitter.com/TactiKoolSec
____________________________
This Episode’s Sponsors
CrowdSec | https://itspm.ag/crowdsec-b1vp
Edgescan | https://itspm.ag/itspegweb
Pentera | https://itspm.ag/pentera-tyuw
____________________________
Resources
Session | The Open Threat Hunting Framework: Enabling Organizations to Build, Operationalize, and Scale Threat Hunting: https://www.blackhat.com/us-22/briefings/schedule/#the-open-threat-hunting-framework-enabling-organizations-to-build-operationalize-and-scale-threat-hunting-26702
____________________________
For more Black Hat and DEF CON Event Coverage podcast and video episodes visit: https://www.itspmagazine.com/black-hat-2022-and-def-con-hacker-summer-camp-las-vegas-usa-cybersecurity-event-and-conference-coverage
Are you interested in telling your story in connection with Black Hat and DEF CON by sponsoring our coverage?
👉 https://itspm.ag/bhdc22sp
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast
Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network