You may have heard the term “chatter” during times of heightened security awareness. This often refers to increased communications pertaining to a common subject, entity, person, organization, location or site. To prevent attacks, it’s critical to identify this information early and respond to it before threat actors can gain a foothold on your network. That’s when we turn to threat hunting, or the process of seeking out potential threats before they become incidents.

Blocking and Tackling Versus Proactive Threat Hunting

Most IT operations only work in reactive mode. In many cases, they wait for an event to transpire and attempt to respond as quickly as possible before it becomes an incident. They may also attempt to anticipate attack methods by monitoring early events, then define controls around these events to block potential attack vectors. We’ll call this the blocking and tackling approach.

The problem with a blocking and tackling strategy is that you are waiting to see if your fences hold up. But what if you could identify bad actors and observe their strategies as they plan to use illicit resources against you? What if you could use this knowledge to shut them down or apply appropriate protection to block their attacks before they are launched?

This is where the value of threat hunting comes into play. The best threat hunting tools quickly correlate structured data, such as records stored in databases, with unstructured data from files, textbooks, websites, blogs, social media, collaborative forums, surveillance videos and more.

So where does chatter occur? It typically happens over various modes of communication, such as Dark Web forums and semiprivate channels over which bad actors promote their exploitation tools, share thoughts and opinions, and discuss the details of their attacks. Chatter may even begin in public forums, such as common social media outlets, as cybercriminals open discussions to attract, persuade and orchestrate others to participate in sinister schemes.

Threat actors have used these tactics against large and small businesses, local and federal governments, and other entities that hold valuable information. Effective threat hunting can help these organizations quickly identify such efforts and provide insights into the tools perpetrators plan to use in their attacks. This intelligence enables security professionals to get a jump on incident response efforts and minimize the damage.


Why Are Enterprises Slow to Embrace Threat Hunting?

We’re all aware of the importance of threat hunting and the value of threat analysts in law enforcement, military and intelligence agencies, but enterprises have been slow to embrace this proactive strategy as part of their cybersecurity defense.

Until recently, only a few industries were fully committed to consolidating their security staffing and response orchestration. The energy and utilities industry, for example, focuses on critical infrastructure protection, placing critical asset identification and protective measures under common oversight. The transportation industry also correlates physical and logical security as a common practice. Why are other industries and government agencies slower to embrace proactive threat hunting?

Have outdated organizational reporting structures prevented enterprises from combining physical and logical security? Chief information officers (CIOs), chief information security officers (CISOs) and their reporting chains are typically focused on the protection, operation, oversight and cost related to data or information access and dissemination. Chief security officers (CSOs) and employees who report to them commonly focus on the physical aspects of security. Their charter is to control and secure physical access around the perimeter, inside buildings and within sensitive areas, and to manage employees, contractors and visitors. They may correlate watchlists with physical access and apply oversight of these controls. In addition, everyone is focused on cost constraints and doing more with less, and tools have lacked the ability to adequately bridge cybersecurity with physical and logical security.

While law enforcement agencies now commonly include cybersecurity within their threat analyst duties, IT organizations largely remain focused on their blocking and tackling efforts.

Prevention Is the Best Defense

I frequently ask IT executives who is monitoring social media to determine whether negative chatter is aimed at their organization, leadership, products or staff. They often respond that someone in marketing oversees this activity, or that it’s not a priority at all. I am optimistic that someday soon executives will answer that question with the proper response: a team of threat analysts.

Given how critical threat hunting is to law enforcement, military and intelligence agencies in thwarting attacks, business leaders need to do a better job of incorporating proactive strategies into security operations. Failing to do so is like going into battle blindfolded.

