Threat hunting – proactively searching through your own company’s networks to hunt for attacks that might evade other security measures – often signifies a company with a mature and well-resourced security organization. But just as threat actors are constantly evolving, organizations should be willing to reassess and change their security programs, even if they think they are working well.
Retail giant Target, for example, had a mature threat hunting program, but the company decided it was time for a refresh to ensure the program was fit for purpose and still helping the business.
Evolution of a mature threat hunting program
Target’s threat hunting program had been in place for five years when it decided to do a “soup to nuts” reworking of the program, the company’s Principal Engineer of Cybersecurity David Bianco told attendees at the SANS Threat Hunting Summit in London last month.
“It was time to evolve that program into something more modern,” he said. “Not that there was anything wrong with it, but we had just had essentially the same program for several years and wanted to see if there were any updates that should be…