Hansel and Gretel have wised up quite a bit since their harrowing childhood experience with the Evil Witch. Their narrow escape garnered them a lot of attention, so it was no surprise that they went on to become expert threat hunters as security analysts for the forest.

Back in the day, Hansel and Gretel used breadcrumbs as a simple way to (hopefully) find their way back home. It was a defense that didn’t end well for them. Now Hansel and Gretel spend their days following a different kind of breadcrumb trail: a trail of suspicious behaviors. But why would they put themselves in danger again?

That’s because these breadcrumb trails can lead them to advanced persistent threats (APTs). It’s actually an offensive strategy to help identify well-organized, well-resourced malicious actors — the kind that break through without tripping any alarms. The siblings fell for one of those threats before when they foolishly stepped into the candy-filled home of the Evil Witch, but they won’t let her get hold of a helpless kid ever again.

The Role of Threat Hunters in the Forest

So how will they do it? You see, threat hunters are very deliberate. They know which breadcrumbs lead to serious threats and which don’t. But to start, Hansel and Gretel must first figure out the answers to three questions:

  1. What is their most valuable possession to protect? In the forest, it’s children.
  2. Who would be after this valuable possession? Why, an Evil Witch, of course!
  3. What tactics, techniques and procedures (TTPs) would this person use to breach the network? The sweet smells of candy and cake, for one.

Now Hansel and Gretel can set a baseline for what is normal. How many kids are in the forest on any given day? Does the forest usually smell like delicious baked goods? Has the Evil Witch purchased bulk candy lately? What is considered too close to the Evil Witch’s property?

When any of these data points break out of the norm, Hansel and Gretel know they must act before it’s too late. Thanks to threat hunting, they can close the gap from the time of compromise to the time of detection. No more kids will go missing on their watch!

Follow the Breadcrumb Trail to Security

With IBM i2 Enterprise Insight Analysis and QRadar SIEM, Hansel and Gretel follow a breadcrumb trail that will prevent the evil witch from ever capturing another child.

You can also follow breadcrumbs that lead to your end goals before it’s too late. IBM i2 can help you stop malicious actors in their tracks — whether they’re cunning witches or crafty cybercriminals — in record time.

Finding breadcrumbs in a crowded forest may seem impossible, but narrowing your focus on those clues can help you pinpoint the biggest threats facing your organization. Threat hunting is the ideal, proactive way to identify risks and mitigate them before they become breaches.

Listen to the podcast: The Art of Cyber Threat Hunting

More from Network

Cybersecurity in the Next-Generation Space Age, Pt. 4: New Space Future Development and Challenges

View Part 1, Introduction to New Space, Part 2, Cybersecurity Threats in New Space, and Part 3, Securing the New Space, in this series. After the previous three parts of this series, we ascertain that the technological evolution of New Space ventures expanded the threats that targeted the space system components. These threats could be countered by various cybersecurity measures. However, the New Space has brought about a significant shift in the industry. This wave of innovation is reshaping the future…

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…

Cybersecurity in the Next-Generation Space Age, Pt. 2: Cybersecurity Threats in New Space

View Part 1 in this series, Introduction to New Space. The growth of the New Space economy, the innovation in technologies and the emergence of various private firms have contributed to the development of the space industry. Despite this growth, there has also been an expansion of the cyberattack surface of space systems. Attacks are becoming more and more sophisticated and affecting several components of the space system’s architecture. Threat Actors' Methodology Every space system architecture is composed of three…

Beware of What Is Lurking in the Shadows of Your IT

This post was written with contributions from Joseph Lozowski. Comprehensive incident preparedness requires building out and testing response plans that consider the possibility that threats will bypass all security protections. An example of a threat vector that can bypass security protections is “shadow IT” and it is one that organizations must prepare for. Shadow IT is the use of any hardware or software operating within an enterprise without the knowledge or permission of IT or Security. IBM Security X-Force responds…