Cyber investigations, threat hunting and research: More art than science
2021-05-17 05:00

While it's true that threat hunting, incident response, and threat research all have their foundations in science, throughout my entire career I have found it is also fundamentally true that the most successful threat hunters, incident responders, and threat researchers are far more artist than scientist.

When you write reports about your threat research that will be released publicly, do not simply annotate the threat you documented.

The best hunters approach the forensic console as a truly blank canvas and, more importantly, they try not to paint the same painting multiple days in a row.

Most hunters quickly develop habits and begin hunting only for the same sets of threat behaviors over time.

Force yourself to be uncomfortable, hunting in protocols or data you are not familiar with.

Overall, if you find threat hunting and research to be mentally stimulating, and even fun, you've already overcome the biggest hurdle to a successful career.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/RlF8zUj4M8k/