Suppressing the Adversary via Threat Hunt Teams
IT Security Guru – Dean Alvarez
Here at Carbon Black we firmly believe that decreasing the dwell time of adversary insurgencies is imperative in 2018. To achieve this, organisations must embrace the threat hunt. The extradition of the elite Russian cybercriminal Nikulin is a historic example of this. As a member of the Russian cyber-militia, he had been an influential figure for close to a decade, and he leveraged his expertise beyond monetary gain to pay homage to the regime as a politico-hacker. A hunter must position themselves on the "high ground", defined by greater situational awareness. Specifically, the hunter must take threat intel from customer IPs, domains and hashes and apply it to historical data. From that vantage point, one must search the historical data for similar threads that are not identical matches. Successful anomaly detection requires continuous analysis of unfiltered data from the endpoint.

Stage I: Go historical.
Stage II: Move up the pyramid of pain.
Stage III: Move to anomaly-based hunting.
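The three stages above, worked through as an added example that is not part of the article or of any Carbon Black product: a small Python hunt over constructed endpoint telemetry. Stage I looks for exact IOC matches (IP, domain, hash) in historical events; Stage II climbs the pyramid of pain by pivoting to near matches (same /24 as an IOC address, a sibling host name under an IOC's parent domain) that an exact search would miss; Stage III needs no IOC at all and flags a common process launched by a parent seen on only one host. All hosts, hashes, domains and addresses are made up (TEST-NET ranges and `.test` names), and `parent_domain` is a deliberate simplification that takes the last two labels rather than consulting a public suffix list.

```python
"""Three-stage threat hunt over constructed endpoint telemetry.

Stage I   exact IOC matches (IP, domain, hash) against historical events
Stage II  near matches one step up the pyramid of pain: same /24 as an
          IOC IP, or a host name under an IOC's registered parent domain
Stage III anomaly hunting with no IOC: a process common across the fleet
          launched by a parent that appears on a single host
"""
from collections import defaultdict
import ipaddress

# Constructed indicators (fake hash, TEST-NET address, .test domain).
IOCS = {
    "ips": {"203.0.113.10"},
    "domains": {"update.example-bad.test"},
    "hashes": {"deadbeef01"},
}


def ev(host, parent, process, sha256, dest_ip=None, domain=None):
    """Build one constructed process/network event record."""
    return {"host": host, "parent": parent, "process": process,
            "sha256": sha256, "dest_ip": dest_ip, "domain": domain}


# Constructed historical telemetry from eight fake workstations.
EVENTS = [
    ev("ws01", "winword.exe", "powershell.exe", "h_ps", "203.0.113.10", "update.example-bad.test"),
    ev("ws02", "services.exe", "svchost.exe", "h_svc", "198.51.100.5"),
    ev("ws03", "explorer.exe", "chrome.exe", "h_chrome", "198.51.100.9", "example.test"),
    ev("ws04", "outlook.exe", "dropper.exe", "deadbeef01", "203.0.113.77", "cdn.example-bad.test"),
    ev("ws05", "services.exe", "svchost.exe", "h_svc"),
    ev("ws06", "services.exe", "svchost.exe", "h_svc"),
    ev("ws07", "cmd.exe", "svchost.exe", "h_svc2", "198.51.100.40"),
    ev("ws08", "explorer.exe", "rundll32.exe", "h_rd", "203.0.113.200", "cdn.example-bad.test"),
]


def parent_domain(name):
    """Last two labels of a host name (simplification: no public suffix list)."""
    return ".".join(name.lower().split(".")[-2:])


def same_slash24(a, b):
    """True when two IPv4 addresses fall in the same /24."""
    return (ipaddress.ip_network(f"{a}/24", strict=False)
            == ipaddress.ip_network(f"{b}/24", strict=False))


def stage1_exact(events, iocs):
    """Stage I: exact IOC hits -> {host: [indicator types matched]}."""
    hits = {}
    for e in events:
        kinds = []
        if e["dest_ip"] in iocs["ips"]:
            kinds.append("ip")
        if e["domain"] in iocs["domains"]:
            kinds.append("domain")
        if e["sha256"] in iocs["hashes"]:
            kinds.append("hash")
        if kinds:
            hits[e["host"]] = kinds
    return hits


def stage2_similar(events, iocs, exclude=()):
    """Stage II: events near an IOC (same /24, same parent domain) that are
    not exact matches; hosts already found in Stage I can be excluded."""
    ioc_parents = {parent_domain(d) for d in iocs["domains"]}
    hits = {}
    for e in events:
        if e["host"] in exclude:
            continue
        pivots = []
        if e["dest_ip"] and any(same_slash24(e["dest_ip"], ip) for ip in iocs["ips"]):
            pivots.append("ip_subnet")
        if e["domain"] and parent_domain(e["domain"]) in ioc_parents:
            pivots.append("domain_parent")
        if pivots:
            hits[e["host"]] = pivots
    return hits


def stage3_anomalies(events, min_process_hosts=3):
    """Stage III: (parent, process) pairs seen on exactly one host while the
    process itself runs on at least min_process_hosts hosts."""
    proc_hosts = defaultdict(set)
    pair_hosts = defaultdict(set)
    for e in events:
        proc_hosts[e["process"]].add(e["host"])
        pair_hosts[(e["parent"], e["process"])].add(e["host"])
    anomalies = []
    for (parent, proc), hosts in pair_hosts.items():
        if len(proc_hosts[proc]) >= min_process_hosts and len(hosts) == 1:
            anomalies.append((next(iter(hosts)), parent, proc))
    return sorted(anomalies)


def run_hunt(events=EVENTS, iocs=IOCS):
    """Run all three stages and return their results as a tuple."""
    s1 = stage1_exact(events, iocs)
    s2 = stage2_similar(events, iocs, exclude=s1)
    s3 = stage3_anomalies(events)
    return s1, s2, s3


if __name__ == "__main__":
    for name, result in zip(("Stage I", "Stage II", "Stage III"), run_hunt()):
        print(name, result)
```

On this data Stage I catches ws01 (IOC address and domain) and ws04 (IOC hash); Stage II surfaces ws08, which touched a neighbouring address in the same /24 and a sibling host name under the IOC's parent domain and would be invisible to an exact search; Stage III flags ws07, where a process common to four hosts was spawned by a parent seen nowhere else. Each later stage depends on retaining unfiltered historical endpoint data, which is the point the article makes.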
Link: http://www.itsecurityguru.org/2018/04/13/suppressing-adversary-via-threat-hunt-teams/