This is the first installment in a three-part series on threat hunting by Dr. Eric Cole published on the IBM SecurityIntelligence blog. Be sure to read Part 2 and Part 3 for more information.
One of the fundamental problems with cybersecurity is that organizations often do not realize when they are compromised. Traditional incident response methods are typically reactive, forcing security teams to wait for a visible sign of an attack. The problem is that many attacks today are stealthy, targeted and data-focused.
Stop for a moment and ask yourself: How would you know if you were compromised? The typical answer is that you would not detect a compromise until significant damage had already been done. Security professionals need a more aggressive approach, one that proactively hunts for threats on their networks.