Effective Cyber Threat Hunting: Where and how does it fit?

Nombeko Ntingi, Petrus Duvenage, Jaco du Toit, Sebastian von Solms

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

2 Citations (Scopus)

Abstract

Traditionally, threat detection in organisations is reactive, relying on pre-defined and preconfigured rules embedded in automated tools such as firewalls, anti-virus software, security information and event management (SIEM) systems and intrusion detection/intrusion prevention systems (IDS/IPS). As the fourth industrial revolution (4IR) brings with it an exponential increase in technological advances and global interconnectivity, cyberspace presents security risks and threats on an unprecedented scale. These security risks and threats have the potential to expose confidential information, damage the reputation of credible organisations and/or inflict harm. The regular occurrence and complexity of cyber intrusions makes guarding enterprise and government networks a daunting task. Nation states and businesses need to be ingenious and consider innovative and proactive means of safeguarding their valuable assets. The convergence of the technological, physical and biological worlds necessitates the adoption of a proactive approach to safeguarding cyberspace. This paper centres on cyber threat hunting (CTH) as one such proactive and important measure that can be adopted. The paper's central contention is that effective CTH cannot be an autonomous 'plug-in' or a standalone intervention. To be effective, CTH has to be synergistically integrated with relevant existing fields and practices. Academic work on such conceptual integration, on where CTH fits, is scarce. Within the confines of the paper we do not attempt to integrate CTH with the many relevant fields and practices. Instead, we limit the scope to postulations on CTH's interface with two fields of central importance in cyber security, namely Cyber Counterintelligence (CCI) and Cyber Threat Monitoring and Analysis (CTMA). The paper's two corresponding primary objectives are to position CTH within the broader field of CCI and to further contextualise CTH within the CTMA domain.
The postulations we advanced are qualified as tentative, exploratory work to be expanded on. The paper concludes with observations on further research.

Original language: English
Title of host publication: Proceedings of the 21st European Conference on Cyber Warfare and Security, ECCWS 2022
Editors: Thaddeus Eze, Nabeel Khan, Cyril Onwubiko
Publisher: Curran Associates Inc.
Pages: 206-213
Number of pages: 8
ISBN (Electronic): 9781914587405
Publication status: Published - 2022
Event: 21st European Conference on Cyber Warfare and Security, ECCWS 2022 - Chester, United Kingdom
Duration: 16 Jun 2022 - 17 Jun 2022

Publication series

Name: European Conference on Information Warfare and Security, ECCWS
Volume: 2022-June
ISSN (Print): 2048-8602
ISSN (Electronic): 2048-8610

Conference

Conference: 21st European Conference on Cyber Warfare and Security, ECCWS 2022
Country/Territory: United Kingdom
City: Chester
Period: 16/06/22 - 17/06/22

Keywords

  • active cyber defense
  • cyber counterintelligence
  • cyber threat hunting
  • cyber threat intelligence
  • cyber threat modelling
  • proactive

ASJC Scopus subject areas

  • Information Systems
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality
