
Are separate SIEMs for threat hunting a good idea?
2022-02-23 06:30

In this interview with Help Net Security, Brian Dye, CEO at Corelight, talks about the trend of creating separate SIEMs for threat hunting and why this is not achievable for all organizations.

We are seeing companies establishing separate SIEMs for threat hunting.

Threat hunters use that baseline to find anomalies and then classify them as operational issues or threat activity and react accordingly.

Second, use what is either out-of-the-box or freely available - projects like SIGMA provide threat hunting and SIEM queries for a wide range of TTPs. Third, use industry-standard data and tools so you get the best access to talent and training.

Why is it important to separate threat hunting and incident response and what is the best way to do it?

Second, the threat hunting team needs to share their insight on what anomalies they see in the environment, so that the IR team sees what is "Normal" quickly.

News URL

https://www.helpnetsecurity.com/2022/02/23/siems-threat-hunting/