With both the volume and variety of advanced cyber threats growing rapidly, the demand for proficient threat hunters has never been higher, a fact reflected in the high salaries on offer and the large number of job opportunities available.
Sadly, the number of genuine threats faced continues to rise sharply, and automated security solutions can’t keep up. As a result, many cyber breaches remain undetected for an alarming amount of time. According to Verizon’s latest Data Breach Investigation Report, a typical cyber breach goes undetected for over 200 days, more than enough time to cause significant damage.
This ‘detection deficit’ is a key factor in the growing demand for threat hunters. Cyber threat hunting is the proactive practice of detecting, isolating and neutralizing advanced threats which would otherwise evade a business’s automated security solutions. Skilled threat hunters can add a powerful new dimension to any security program, helping to pick up many of the threats that manage to slip through the automated security net.
In fact, the SANS 2017 Threat Hunting Survey found that 91% of respondents reported an improvement in both the speed and accuracy of their cyber threat response as a result of threat hunting. Furthermore, 60% of respondents have achieved a measurable improvement in their overall cybersecurity based on their threat hunting efforts.
How does a threat hunter operate?
Threat hunters typically work within a security operations center (SOC) and take the lead role in an enterprise's threat detection and incident response activities. Some businesses try to save money by assigning threat hunting duties to existing security engineers, but by far the most effective approach is to have a dedicated team working full-time on threat hunting activities. A typical threat hunting role consists of the following main responsibilities:
- Hunting for known prey: The easiest part of the role! Known adversaries have revealed themselves in some way and can be proactively hunted. These threats may match a signature that has been developed to detect them, have been listed by the anti-virus vendor, been poorly hidden, or even been discovered as the result of a blog post or news article that the threat hunter has read.
- Watching for unknown prey: Hunting for the unknown is much harder and requires patience, persistence and more effort. This is because unknown threats are more sophisticated, better hidden and harder to detect. However, these adversaries still leave indicators of their movement around a network. Vigilance is key, and this is where a skilled threat hunter will really set themselves apart.
- Executing on the incident response plan: Once a threat has been detected, the threat hunting team must gather as much information as possible before executing on any pre-existing incident response plans in order to neutralize the threat.
- Preparing for the next threats: Once a threat has been successfully eliminated, plans must be updated, and any new intelligence gained can be used to prevent similar attacks in the future.
What does it take to become a threat hunter?
Effective threat hunters require a number of skills and qualifications. Critical skills include pattern recognition, communication, data forensics and analytics, while degrees in computer science, engineering and/or mathematics are also extremely valuable.
However, much like any career, experience is also a huge factor, as is a deep understanding of the tools of the trade, such as firewall logs, intrusion detection systems, Windows logs and event management systems. Most organizations will look for a combination of some or all of these things when recruiting new threat hunters to their ranks.
For those that fit the bill, the opportunities are almost limitless. With so much demand out there across a multitude of sectors including financial services, high-tech, military, government and telecommunications, just to name a few, skilled threat hunters really can have their pick of employment opportunities.
As the number of advanced threats capable of evading automated security solutions continues to rise, the demand for threat hunters across all business sectors is growing all the time. Working as a threat hunter can be an exciting and dynamic career at the forefront of the cybersecurity industry, where no two days are the same. So, do you think you have what it takes?