Threat Hunting December 12, 2017
By Aubre Andrus 2 min read
Series: Lessons In Security

Hansel and Gretel have wised up quite a bit since their harrowing childhood experience with the Evil Witch. Their narrow escape garnered them a lot of attention, so it was no surprise that they went on to become expert threat hunters as security analysts for the forest.

Back in the day, Hansel and Gretel used breadcrumbs as a simple way to (hopefully) find their way back home. It was a defense that didn’t end well for them. Now Hansel and Gretel spend their days following a different kind of breadcrumb trail: a trail of suspicious behaviors. But why would they put themselves in danger again?

That’s because these breadcrumb trails can lead them to advanced persistent threats (APTs). It’s actually an offensive strategy to help identify well-organized, well-resourced malicious actors — the kind that break through without tripping any alarms. The siblings fell for one of those threats before when they foolishly stepped into the candy-filled home of the Evil Witch, but they won’t let her get hold of a helpless kid ever again.

The Role of Threat Hunters in the Forest

So how will they do it? You see, threat hunters are very deliberate. They know which breadcrumbs lead to serious threats and which don’t. But to start, Hansel and Gretel must first figure out the answers to three questions:

  1. What is their most valuable possession to protect? In the forest, it’s children.
  2. Who would be after this valuable possession? Why, an Evil Witch, of course!
  3. What tactics, techniques and procedures (TTPs) would this person use to breach the network? The sweet smells of candy and cake, for one.

Now Hansel and Gretel can set a baseline for what is normal. How many kids are in the forest on any given day? Does the forest usually smell like delicious baked goods? Has the Evil Witch purchased bulk candy lately? What is considered too close to the Evil Witch’s property?

When any of these data points break out of the norm, Hansel and Gretel know they must act before it’s too late. Thanks to threat hunting, they can close the gap from the time of compromise to the time of detection. No more kids will go missing on their watch!

Follow the Breadcrumb Trail to Security

With IBM i2 Enterprise Insight Analysis and QRadar SIEM, Hansel and Gretel follow a breadcrumb trail that will prevent the evil witch from ever capturing another child.

You can also follow breadcrumbs that lead to your end goals before it’s too late. IBM i2 can help you stop malicious actors in their tracks — whether they’re cunning witches or crafty cybercriminals — in record time.

Finding breadcrumbs in a crowded forest may seem impossible, but narrowing your focus on those clues can help you pinpoint the biggest threats facing your organization. Threat hunting is the ideal, proactive way to identify risks and mitigate them before they become breaches.

Listen to the podcast: The Art of Cyber Threat Hunting

 |  |  |  |  |  |  | 
Aubre Andrus
Children's Book Author

More from Threat Hunting
August 16, 2023

SIEM and SOAR in 2023: Key trends and new changes

4 min read - Security information and event management (SIEM) systems remain a key component of security operations centers (SOCs). Security orchestration, automation, and response (SOAR) frameworks, meanwhile, have emerged to fill the gap in these capabilities left by many SIEM systems. But as many companies have begun reaching the limits of SIEM and SOAR systems over the last few years, they have started turning to other solutions such as extended detection and response (XDR). But does this shift spell the end of SIEM…

August 15, 2023

Threat hunting 101: How to outthink attackers

6 min read - Threat hunting involves looking for threats and adversaries in an organization’s digital infrastructure that existing security tools don't detect. It is proactively looking for threats in the environment by assuming that the adversary is in the process of compromising the environment or has compromised the environment. Threat hunters can have different goals and mindsets while developing their hunt. For example, they can look for long-term threats in the environment that advanced threat actors can exploit. Or they can look for…

August 10, 2023

Vulnerability management, its impact and threat modeling methodologies

7 min read - Vulnerability management is a security practice designed to avoid events that could potentially harm an organization. It is a regular ongoing process that identifies, assesses, and manages vulnerabilities across all the components of an IT ecosystem. Cybersecurity is one of the major priorities many organizations struggle to stay on top of. There is a huge increase in the number of cyberattacks carried out by cybercriminals to steal valuable information from businesses. Hence to encounter these attacks, organizations are now focusing…

August 3, 2023

Bringing threat intelligence and adversary insights to the forefront: X-Force Research Hub

3 min read - Today defenders are dealing with both a threat landscape that’s constantly changing and attacks that have stood the test of time. Innovation and best practices co-exist in the criminal world, and one mustn’t distract us from the other. IBM X-Force is continuously observing new attack vectors and novel malware in the wild, as adversaries seek to evade detection innovations. But we also know that tried and true tactics — from phishing and exploiting known vulnerabilities to using compromised credentials and…

© 2023 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature