TY - GEN
T1 - Effective Cyber Threat Hunting
T2 - 21st European Conference on Cyber Warfare and Security, ECCWS 2022
AU - Ntingi, Nombeko
AU - Duvenage, Petrus
AU - du Toit, Jaco
AU - von Solms, Sebastian
N1 - Publisher Copyright:
© 2022 Curran Associates Inc.. All rights reserved.
PY - 2022
Y1 - 2022
N2 - Traditionally threat detection in organisations is reactive through pre-defined and preconfigured rules that are embedded in automated tools such as firewalls, anti-virus software, security information and event management (SIEMs) and intrusion detection systems/intrusion prevention systems (IDS/IPS). As the fourth industrial revolution (4IR) brings with it an exponential increase in technological advances and global interconnectivity, the cyberspace presents security risks and threats the scale of which is unprecedented. These security risks and threats have the potential of exposing confidential information, damaging the reputation of credible organisations and/or inflicting harm. The regular occurrence and complexity of cyber intrusions makes the guarding enterprise and government networks a daunting task. Nation states and businesses need to be ingenious and consider innovative and proactive means of safeguarding their valuable assets. The growth of technological, physical and biological worlds necessitates the adoption of a proactive approach towards safeguarding cyber space. This paper centers on cyber threat hunting (CTH) as one such proactive and important measure that can be adopted. The paper has a central contention that effective CTH cannot be an autonomous ‘plug in’ or a standalone intervention. To be effective CTH has to be synergistically integrated with relevant existing fields and practices. Academic work on such conceptual integration of where CTH fits is scarce. Within the confines of the paper we do not attempt to integrate CTH with many of the various relevant fields and practices. Instead, we limit the scope to postulations on CTH’s interface with two fields of central importance in cyber security, namely Cyber Counterintelligence (CCI) and Cyber Threat Monitoring and Analysis (CTMA). The paper’s corresponding two primary objectives are to position CTH within the broader field of CCI and further contextualise CTH within the CTMA domain. The postulations we advanced are qualified as tentative, exploratory work to be expanded on. The paper concludes with observations on further research.
AB - Traditionally threat detection in organisations is reactive through pre-defined and preconfigured rules that are embedded in automated tools such as firewalls, anti-virus software, security information and event management (SIEMs) and intrusion detection systems/intrusion prevention systems (IDS/IPS). As the fourth industrial revolution (4IR) brings with it an exponential increase in technological advances and global interconnectivity, the cyberspace presents security risks and threats the scale of which is unprecedented. These security risks and threats have the potential of exposing confidential information, damaging the reputation of credible organisations and/or inflicting harm. The regular occurrence and complexity of cyber intrusions makes the guarding enterprise and government networks a daunting task. Nation states and businesses need to be ingenious and consider innovative and proactive means of safeguarding their valuable assets. The growth of technological, physical and biological worlds necessitates the adoption of a proactive approach towards safeguarding cyber space. This paper centers on cyber threat hunting (CTH) as one such proactive and important measure that can be adopted. The paper has a central contention that effective CTH cannot be an autonomous ‘plug in’ or a standalone intervention. To be effective CTH has to be synergistically integrated with relevant existing fields and practices. Academic work on such conceptual integration of where CTH fits is scarce. Within the confines of the paper we do not attempt to integrate CTH with many of the various relevant fields and practices. Instead, we limit the scope to postulations on CTH’s interface with two fields of central importance in cyber security, namely Cyber Counterintelligence (CCI) and Cyber Threat Monitoring and Analysis (CTMA). The paper’s corresponding two primary objectives are to position CTH within the broader field of CCI and further contextualise CTH within the CTMA domain. The postulations we advanced are qualified as tentative, exploratory work to be expanded on. The paper concludes with observations on further research.
KW - active cyber defense
KW - cyber counterintelligence
KW - cyber threat hunting
KW - cyber threat intelligence
KW - cyber threat modelling
KW - proactive
UR - http://www.scopus.com/inward/record.url?scp=85167625303&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85167625303
T3 - European Conference on Information Warfare and Security, ECCWS
SP - 206
EP - 213
BT - Proceedings of the 21st European Conference on Cyber Warfare and Security, ECCWS 2022
A2 - Eze, Thaddeus
A2 - Khan, Nabeel
A2 - Onwubiko, Cryil
A2 - Onwubiko, Cryil
PB - Curran Associates Inc.
Y2 - 16 June 2022 through 17 June 2022
ER -