When you hear about threat hunters and threat hunting teams, what images pop into your mind? Have you ever wanted to meet real threat hunters for yourself? Our new video, “Meet the Threat Hunters”, lets you see inside F-Secure’s threat hunting operations.
Threat hunting is not based on the detection of known attacks, but on developing new attack methods that have never been seen before. When a new attack method is developed, it can then be transformed into a defensive use case before outsiders ever have the chance to make use of the attack. This focus on finding and preventing new attack techniques before they are used is what makes F-Secure’s threat hunters so passionate about their work.
All threat hunters undertake some type of offensive training, but most of them are recruited in part because of their existing offensive background. Extensive experience testing attack methods is a huge advantage for a threat hunter because it gives them the ability to operate with a genuine attacker’s mindset. In situations where an attacker’s techniques are not immediately apparent, this basic familiarity with underlying attack methods is a tremendous benefit, telling the threat hunter where to look and what to look for.
This emphasis on developing and maintaining an offensive mindset has helped threat hunters shift the advantage back to the defender’s side, after several years in which attackers have held the high ground. Although the attacker would obviously like to stay hidden as long as possible, they do have to come out of hiding at some point to attempt to achieve their mission – and that’s when the threat hunters will see them. Once the attacker is sighted, threat hunters can isolate them, neutralize them, and remove them completely from the affected system.
Threat hunters at F-Secure spend 50% of their time on research, allowing them to test potential attack methods and experiment with attacks they may have read about or come across. The goal of these research sessions is to find ways to automate defenses against new methods of attack, thus rendering them harmless. This focus on threat hunting research keeps the threat hunters engaged with their work and passionate about coming in to work every day. The thrill of discovering, testing, and neutralizing potential attack techniques before the attackers have the chance to do so is what motivates the threat hunter.
Read more about threat hunting in our newly published whitepaper “Demystifying Threat Hunting”.