Light Dark
June 17, 2019 By John Pinkham
Jake Munroe
< 1 min read
Threat Hunting

We hear it from our customers or in conversations at trade shows all the time: It would be great to hunt cyberthreats, but there is simply not enough time or resources to pull it off effectively. Larger organizations with big security budgets often make hunting cyberthreats part of the incident response process or even have a dedicated threat hunting team. But for many organizations, it seems daunting to even know where to begin.

Despite these common challenges, threat hunting is incredibly important in today’s cyber landscape. A proactive cyberthreat hunting program can help analysts uncover unknown threats in the environment and gain a deeper understanding of the organization’s technical landscape. But the fact remains that getting a proactive and efficient threat hunting program off the ground can be a challenge for many organizations. What can they do to get started?

5 Tips for Building a Threat Hunting Program

A new SANS Spotlight titled “Thinking Like a Hunter: Implementing a Threat Hunting Program” dives into this challenge and explores how organizations can increase their maturity and start a successful threat hunting program. The paper provides a few key steps that security teams can follow to make their security more effective through threat hunting. Here are five key tips from the report.

Download “Thinking Like a Hunter: Implementing a Threat Hunting Program”

 |  |  |  |  |  | 
John Pinkham
Product Marketing Manager for IBM Security Solutions
Jake Munroe
i2 Product Marketing Manager

More from Threat Hunting
October 30, 2023

Hive0051’s large scale malicious operations enabled by synchronized multi-channel DNS fluxing

12 min read - For the last year and a half, IBM X-Force has actively monitored the evolution of Hive0051’s malware capabilities. This Russian threat actor has accelerated its development efforts to support expanding operations since the onset of the Ukraine conflict. Recent analysis identified three key changes to capabilities: an improved multi-channel approach to DNS fluxing, obfuscated multi-stage scripts, and the use of fileless PowerShell variants of the Gamma malware. As of October 2023, IBM X-Force has also observed a significant increase in…

October 6, 2023

Reflective call stack detections and evasions

6 min read - In a blog published this March, we explored reflective loading through the lens of an offensive security tool developer, highlighting detection and evasion opportunities along the way. This time we are diving into call stack detections and evasions, and how BokuLoader reflectively loads call stack spoofing capabilities into beacon. We created this blog and public release of BokuLoader during Dylan’s summer 2023 internship with IBM X-Force Red. While researching call stack spoofing for our in-house C2, this was one of…

August 16, 2023

SIEM and SOAR in 2023: Key trends and new changes

4 min read - Security information and event management (SIEM) systems remain a key component of security operations centers (SOCs). Security orchestration, automation, and response (SOAR) frameworks, meanwhile, have emerged to fill the gap in these capabilities left by many SIEM systems. But as many companies have begun reaching the limits of SIEM and SOAR systems over the last few years, they have started turning to other solutions such as extended detection and response (XDR). But does this shift spell the end of SIEM…

August 15, 2023

Threat hunting 101: How to outthink attackers

6 min read - Threat hunting involves looking for threats and adversaries in an organization’s digital infrastructure that existing security tools don't detect. It is proactively looking for threats in the environment by assuming that the adversary is in the process of compromising the environment or has compromised the environment. Threat hunters can have different goals and mindsets while developing their hunt. For example, they can look for long-term threats in the environment that advanced threat actors can exploit. Or they can look for…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2023 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature