The Hunter's Handbook: Endgame's Guide To Adversary Hunting
As new data breaches surpass previous breaches in size and scope, it’s clear that perimeter firewalls and antivirus detection are inadequate for today’s threat environment. Cyberespionage and cybercrime have proliferated, with attackers bypassing defenses at will to steal unprecedented amounts of intellectual property and personally identifiable information. Even small companies are becoming targets for their IP and as a means to access partner or customer companies within a supply chain. Clearly, the status quo is broken.
We all recognize that incidents are inevitable. Now, how do we act on this knowledge? What can we do differently to prevent a breach? We see hunting as an essential component of security. It is the proactive, stealthy, and surgical detection and eviction of adversaries inside your network without known indicators of compromise. Hunting is an offense-based strategy; hunting is thinking like the attacker. If you were the adversary, what would you attack, for what purpose, and how? Attackers have a mission. Hunting must be able to derail that mission.