An effective way to investigate and kill threats.
Hunting and gathering is a metaphor used in cybersecurity to explain the difference between hunting for threats using Managed Detection and Response (MDR) and gathering whatever's handy, which is the traditional model of Managed Security Service Providers (MSSPs). When thinking about hunting as an exercise, you have a target – it’s your prey. In cybersecurity, the prey is the threat, and hunting is the exercise of finding, investigating and killing it.
The skills required for hunting are evolved. We've developed weapons. We've developed strategies. And sometimes we work in packs. Hunting is a concerted effort to find and capture or kill the prey. Gathering, on the other hand, isn't coordinated. You can do it on your own, but you're not going to be very effective and you can't scale.
Hunting is an active pursuit, while gathering is much more passive.
MDR is the most effective approach to cybersecurity hunting. It allows us to get visibility in the places that are usually hidden, find the threats, investigate them and decide what to do next based on the outcome of the investigation.
Hunting will always be way more effective than gathering. The ability to determine whether something that's new and unusual represents a threat requires specialized skills. So when you're looking for a partner to help you manage the threats inside your organization, look for one that has specialized skills in hunting. Don't rely on a partner who's going to take the gathering approach and do whatever they can with whatever tools are handy.
Mark McArdle, CTO at eSentire, examines the role of the hunter and explains why hunting is a much more strategic and effective way to find, investigate and kill today's cyber threats.