An effective way to investigate and kill threats.

Hunting and gathering is a metaphor used in cybersecurity to explain the difference between hunting for threats using Managed Detection and Response (MDR) and gathering whatever's handy, which is the traditional model of Managed Security Service Providers (MSSPs). When you think about hunting as an exercise, you have a target: your prey. In cybersecurity, the prey is the threat, and hunting is the exercise of finding, investigating and killing it.

The skills required for hunting are evolved. We've developed weapons. We've developed strategies. And sometimes we work in packs. Hunting is a concerted effort to find and capture or kill the prey. Gathering, on the other hand, isn't coordinated. You can do it on your own, but you're not going to be very effective and you can't scale.

Hunting is an active pursuit, while gathering is much more passive.  

MDR is the most effective approach to cybersecurity hunting. It allows us to get visibility in the places that are usually hidden, find the threats, investigate them and decide what to do next based on the outcome of the investigation.

Hunting will always be way more effective than gathering. The ability to determine whether something that's new and unusual represents a threat requires specialized skills. So when you're looking for a partner to help you manage the threats inside your organization, look for one that has specialized skills in hunting. Don't rely on a partner who's going to take the gathering approach and do whatever they can with whatever tools are handy. 

Mark McArdle, CTO at eSentire, examines the role of the hunter and explains why hunting is a much more strategic and effective way to find, investigate and kill today's cyber threats.

 
Transcript:

Today, I want to talk to you about hunters and gatherers. This is a metaphor used in cybersecurity to explain the difference between hunting for threats using managed detection and response and gathering whatever's handy, which is the traditional model of MSSPs. Now if we think about hunting as an exercise, hunting, you have a target. It's your prey. And in cybersecurity, the prey is the threat. The threat's hiding somewhere in the grass, and your job is to find it, investigate it, and kill it.

The skills required for hunting are pretty evolved. We've developed weapons. We've developed strategies. We work in packs sometimes. It's a concerted effort to find and capture or kill the prey. And gathering, it's much more social. It's not coordinated. You can do it on your own, but you're not going to be very effective. You're not going to scale.

Hunting is an active pursuit. You are looking specifically to capture or kill something. In the gathering model, you may have a basket. You may want to fill it with berries, but you're not sure whether you're actually going to find anything or not. Hunting is very strategic, where gathering is very tactical. There's no master plan with gathering.

But the MDR view of the world is much more strategic. We intentionally want to get visibility in the places that, otherwise, you can't see into because you can't find the threats if you can't see them. And once you see something that could be a threat, you need the ability to dig into that, to look at it from different perspectives, to bring new context to that event, to bring in other insights that ultimately lead you to a decision. "Yes, this is bad. We're going to kill it," or, "No, this is just one of those things that happens. It's innocuous. Take no action."

Hunting will always be way more effective than gathering. The ability for us to determine whether something that's new and unusual represents a threat requires specialized skills. So when you're looking for a partner to help you manage the threats inside your organization, be looking for one that has specialized skills in hunting, in managed detection and response. Don't rely on a partner who's going to take the gathering approach and do whatever he can with whatever is handy.
