Hansel and Gretel have wised up quite a bit since their harrowing childhood experience with the Evil Witch. Their narrow escape garnered them a lot of attention, so it was no surprise that they went on to become expert threat hunters as security analysts for the forest.

Back in the day, Hansel and Gretel used breadcrumbs as a simple way to (hopefully) find their way back home. It was a defense that didn’t end well for them. Now Hansel and Gretel spend their days following a different kind of breadcrumb trail: a trail of suspicious behaviors. But why would they put themselves in danger again?

That’s because these breadcrumb trails can lead them to advanced persistent threats (APTs). It’s actually an offensive strategy to help identify well-organized, well-resourced malicious actors — the kind that break through without tripping any alarms. The siblings fell for one of those threats before when they foolishly stepped into the candy-filled home of the Evil Witch, but they won’t let her get hold of a helpless kid ever again.

The Role of Threat Hunters in the Forest

So how will they do it? You see, threat hunters are very deliberate. They know which breadcrumbs lead to serious threats and which don’t. But to start, Hansel and Gretel must first figure out the answers to three questions:

1. What is their most valuable possession to protect? In the forest, it’s children.
2. Who would be after this valuable possession? Why, an Evil Witch, of course!
3. What tactics, techniques and procedures (TTPs) would this person use to breach the network? The sweet smells of candy and cake, for one.

Now Hansel and Gretel can set a baseline for what is normal. How many kids are in the forest on any given day? Does the forest usually smell like delicious baked goods? Has the Evil Witch purchased bulk candy lately? What is considered too close to the Evil Witch’s property?

When any of these data points break out of the norm, Hansel and Gretel know they must act before it’s too late. Thanks to threat hunting, they can close the gap from the time of compromise to the time of detection. No more kids will go missing on their watch!

Follow the Breadcrumb Trail to Security

With IBM i2 Enterprise Insight Analysis and QRadar SIEM, Hansel and Gretel follow a breadcrumb trail that will prevent the evil witch from ever capturing another child.

You can also follow breadcrumbs that lead to your end goals before it’s too late. IBM i2 can help you stop malicious actors in their tracks — whether they’re cunning witches or crafty cybercriminals — in record time.

Finding breadcrumbs in a crowded forest may seem impossible, but narrowing your focus on those clues can help you pinpoint the biggest threats facing your organization. Threat hunting is the ideal, proactive way to identify risks and mitigate them before they become breaches.

Listen to the podcast: The Art of Cyber Threat Hunting