{"id":18911,"date":"2022-05-02T03:20:52","date_gmt":"2022-05-02T11:20:52","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2022\/05\/02\/news-12644\/"},"modified":"2022-05-02T03:20:52","modified_gmt":"2022-05-02T11:20:52","slug":"news-12644","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2022\/05\/02\/news-12644\/","title":{"rendered":"Getting started with threat hunting: five steps to support successful outcomes"},"content":{"rendered":"<p><strong>Credit to Author: Doug Aamoth | Date: Mon, 02 May 2022 09:00:45 +0000<\/strong><\/p>\n<div class=\"entry-content lg:prose-lg mx-auto prose max-w-4xl\">\n<figure id=\"attachment_84343\" aria-describedby=\"caption-attachment-84343\" style=\"width: 199px\" class=\"wp-caption alignright\"><a href=\"https:\/\/www.sophos.com\/en-us\/whitepaper\/getting-started-with-threat-hunting\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" loading=\"lazy\" class=\"border-image wp-image-84343 size-medium\" style=\"border: 1px solid silver;\" src=\"https:\/\/news.sophos.com\/wp-content\/uploads\/2022\/04\/Cover.png?w=199\" alt=\"\" width=\"199\" height=\"300\" srcset=\"https:\/\/news.sophos.com\/wp-content\/uploads\/2022\/04\/Cover.png 531w, https:\/\/news.sophos.com\/wp-content\/uploads\/2022\/04\/Cover.png?resize=199,300 199w\" sizes=\"auto, (max-width: 199px) 100vw, 199px\" \/><\/a><figcaption id=\"caption-attachment-84343\" class=\"wp-caption-text\"><a href=\"https:\/\/www.sophos.com\/en-us\/whitepaper\/getting-started-with-threat-hunting\">Click here to read the report<\/a><\/figcaption><\/figure>\n<p>Over the last year, 59% of organizations experienced an increase in the complexity of cyberattacks<sup>1<\/sup>.\u00a0Malicious actors are more cunning than ever, increasingly deploying stealthy human-led techniques to conduct their attacks.<\/p>\n<p>As a result, security teams have turned to the practice of threat hunting in order to stop these advanced threats \u2013 but it isn\u2019t 
easy.<\/p>\n<p>In our new guide, <a href=\"https:\/\/www.sophos.com\/en-us\/whitepaper\/getting-started-with-threat-hunting\">Getting Started With Threat Hunting<\/a>, we cover what threat hunting is, why it has become an essential part of your security efforts, and how to go about it. \u00a0We also provide an in-depth overview of the tools and frameworks security teams are leveraging to help them stay ahead of the latest threats and rapidly respond to any potential attacks.<\/p>\n<h2>Five steps to help you prepare for threat hunting<\/h2>\n<p>As far as security operations go, preparation is key to success. It\u2019s important to lay the right foundations before you begin to hunt in earnest. We recommend the following five steps to set your organization and team up for success:<\/p>\n<ol>\n<li>Understand the maturity of your current cybersecurity operations<br \/> Mapping your processes to a cybersecurity maturity model (such as the CMMC) is a great way to establish how well equipped (or not) you are to begin threat hunting. It&#8217;s also a good idea to audit your security posture to determine just how susceptible to threats you might be.<\/li>\n<li>Decide how you want to go about threat hunting<br \/> Once you\u2019ve established your cyber maturity, you can then decide whether threat hunting is something you want to do in-house, fully outsource, or a combination of the two.<\/li>\n<li>Identify technology gaps<br \/> Review your existing tools and identify what else you need to do effective threat hunting. How effective is your prevention technology? Does it have or support threat hunting capabilities?<\/li>\n<li>Identify skills gaps<br \/> Threat hunting requires specialist skills. If you don&#8217;t have the experience in-house, explore training courses to help develop the necessary skills. 
Also, consider working with a third-party provider to supplement your team.<\/li>\n<li>Develop and implement an incident response plan<br \/> It is essential to have a fully-fledged incident response plan in place to ensure any response is measured and controlled.\u00a0 Having a well-prepared, well-understood response plan that all key parties can immediately put into action will dramatically reduce the impact of an attack on your organization.<\/li>\n<\/ol>\n<p>For more details, read <a href=\"https:\/\/www.sophos.com\/en-us\/whitepaper\/getting-started-with-threat-hunting\">Getting Started With Threat Hunting<\/a>.<\/p>\n<h2>Threat hunting enablers<\/h2>\n<p>Effective threat hunting requires a combination of next-generation technologies with extensive human expertise.<\/p>\n<h3>Prevention technologies \u2013 reducing signal fatigue<\/h3>\n<p>Threat hunters can only conduct their roles efficiently if they aren\u2019t inundated with security alerts. One way to achieve this is to introduce best-in-class prevention technologies so that defenders can focus on fewer, more accurate detections and streamline the subsequent investigation and response process.<\/p>\n<p>The prevention capabilities in Sophos Intercept X Endpoint protection block 99.98% of threats<sup>2<\/sup> enabling defenders to better focus on the suspicious signals that require human intervention.<\/p>\n<p>You can learn more about or take a trial of <a href=\"https:\/\/www.sophos.com\/en-us\/products\/endpoint-antivirus\/\">Intercept X Endpoint here.<\/a><\/p>\n<h3>Threat hunting technologies &#8211; endpoint\/extended detection and response (EDR\/XDR)<\/h3>\n<p>For threat hunters to identify and investigate potentially malicious activities, they need inputs and investigation tools. Enter EDR and XDR. They enable hunters to quickly see suspicious detections and investigate them thoroughly.<\/p>\n<p>EDR provides inputs from the endpoint solution. 
In contrast, XDR consolidates signals from across the wider IT environment, including firewall, mobile, email, and cloud security solutions. Given that adversaries exploit every attack opportunity, the wider you cast your signal net, the better you can detect them early.<\/p>\n<p>Designed for security analysts and IT administrators alike, <a href=\"https:\/\/www.sophos.com\/en-us\/products\/endpoint-antivirus\/xdr\">Sophos XDR<\/a> enables your team to detect, investigate, and respond to incidents across your IT estate. Instantly get to the information that matters to you by choosing from a library of pre-written, customizable templates covering many different threat hunting and IT operations scenarios \u2013 or write your own.<\/p>\n<p>To test out Sophos XDR\u2019s threat hunting capabilities, you can either start an in-product trial (if you have a Sophos Central account) or <a href=\"https:\/\/www.sophos.com\/en-us\/products\/endpoint-antivirus\/free-trial\">take a trial of Sophos Intercept X Endpoint<\/a>, which includes XDR.<\/p>\n<h3>Threat hunting services \u2013 managed detection and response (MDR)<\/h3>\n<p>MDR, delivered as a fully managed service, empowers organizations with a dedicated team of security analysts hunting for lurking threats 24\/7\/365. In fact, <em>\u201c51% utilize a managed detection and response (MDR) service provider to help integrate telemetry data for threat detection and response,\u201d<\/em> according to ESG Research.<\/p>\n<p>MDR providers, like <a href=\"https:\/\/www.sophos.com\/en-us\/products\/managed-threat-response\/rapid-response\">Sophos Managed Threat Response (MTR)<\/a>, have a variety of advantages over an in-house only security operations program. The most significant advantage of them all is often experience.<\/p>\n<p>The Sophos MTR team has thousands of hours of experience, having seen and dealt with everything adversaries can throw at them. 
They can also learn from attacks on one organization and apply those lessons to all customers. Another benefit is scale: the Sophos MTR team can provide 24\/7 support delivered by three global teams.<\/p>\n<p>To discuss how Sophos MTR can support your organization, speak to your Sophos representative or <a href=\"https:\/\/secure2.sophos.com\/en-us\/products\/managed-threat-response\/contact-request.aspx\">request a callback<\/a>. In the meantime, catch up on the <a href=\"https:\/\/news.sophos.com\/en-us\/category\/security-operations\/\">latest MTR research and casebooks<\/a>.<\/p>\n<p><em><sup>1<\/sup>The State of Ransomware 2022 &#8211; Sophos<\/em><\/p>\n<p><em><sup>2<\/sup>AV-Test average score: Jan-Nov 2021<\/em><\/p>\n<\/div>\n<p><a href=\"https:\/\/news.sophos.com\/en-us\/2022\/05\/02\/getting-started-with-threat-hunting-5-steps-to-support-successful-outcomes\/\" target=\"bwo\" >http:\/\/feeds.feedburner.com\/sophos\/dgdY<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/news.sophos.com\/wp-content\/uploads\/2022\/04\/hunting.png\"\/><\/p>\n<p><strong>Credit to Author: Doug Aamoth | Date: Mon, 02 May 2022 09:00:45 +0000<\/strong><\/p>\n<p>Get practical guidance on how to prepare to search for and neutralize elusive cyber 
threats<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10377],"tags":[23925,24562,12750,22487],"class_list":["post-18911","post","type-post","status-publish","format-standard","hentry","category-security","category-sophos","tag-mtr","tag-products-services","tag-threat-hunting","tag-xdr"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18911","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=18911"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18911\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=18911"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=18911"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=18911"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}