Intelligent CIO Europe Issue 76 | Page 19

LATEST INTELLIGENCE
WHY CONDUCT A THREAT HUNT?
Most host- or network-based detection systems rely on matching, otherwise known as signatures, to generate alerts to signal defenders that there is something unwanted in the network. However, attackers are continually evolving to evade detection, and signatures are developed only after the artifact was discovered in another network. So, if you’re not hunting for artifacts in your environment, how will you discover that attackers are evading your current defenses?

Hunting has several positive outcomes. The first is you might find artifacts of an active intruder that your current defenses missed. While some may think this is a tragedy, it can be a huge win, especially if the intruder hasn’t completed their objective(s). In every hunt, there’s always something to find.

You may discover network or software misconfigurations that pose a threat, either because they degrade network performance or introduce a vulnerability. Next, the hunt could yield run-of-the-mill infections such as adware, or other dormant malware that aren’t directly targeting your organization but are still a threat. Lastly, resource abuse and Shadow IT, services that are not officially supported, can introduce risk through degraded network performance or new adversary attack vectors. Every hunt teaches you something new about the network which will aid in your next investigation.
Download whitepapers free from www.intelligentcio.com/eu/whitepapers/