How threat hunters stay informed and collaborate

OpenText Blog – Grayson Milbourne
The article discusses the findings of a study by The CHISEL Group at the University of Victoria on the collaboration and information-sharing practices of threat hunters in the cybersecurity landscape.
Key points include:
1) Collaboration in Threat Hunting:
– Threat hunters collaborate with diverse internal and external teams, including SOC, data science, threat intelligence, clients, cybersecurity insurance companies, and supply chain vendors.
– Effective communication is crucial, and teams use various platforms like Slack, Teams, and email for synchronous and asynchronous communication.
– Synchronous collaboration allows for immediate interaction and quick decision-making, while asynchronous collaboration is key when working across different time zones or when immediate responses aren’t necessary.
– Recommendations for improvement include automating report generation, reducing the number of meetings, and establishing a formal handoff protocol.
2) Staying Informed:
– Threat hunters need a blend of technical and non-technical skills, including knowledge of operating systems, networking, programming, cybersecurity basics, communication, problem-solving, and analytical ability.
– Skills can be acquired through formal education, certifications, on-the-job training, and continuous learning through various resources.
– Threat hunters rely on information resources such as OSINT, GitHub, podcasts, threat intelligence platforms, and industry conferences and events.
– Some resources are limited by unreliable information and paywalls. Integrating key resources into threat hunting tools and verifying the trustworthiness of information sources can help mitigate these limitations.
3) Recommendations for Improvement:
– Better integration of resources into main tools and developing ways to verify the trustworthiness of information can enhance the reliability and accessibility of critical information.
– Threat hunters should continue to engage with industry knowledge sharing and communication to stay informed while the industry works on new and better ways to integrate threat intelligence.
Link: https://blogs.opentext.com/how-threat-hunters-stay-informed-and-collaborate

