Browse Month: April 2017

Threat Hunting: When You Can’t Sit Back and Wait


Do you ever sit at your desk and wonder when the next attack on your network will occur? Maybe you have an automated system that sends you alerts, but you get so many false positives, you feel like you’re starting to drown in the irrelevant data. Meanwhile, threat actors are continuously improving their techniques and approaches.

While threat detection tools and incident response are both critical, sometimes security professionals need to take a more proactive approach. Threat hunting is essentially threat detection driven by a human analyst, which is different from detection driven by an automated system, no matter how powerful that system is.

“Security Operations Centers (SOCs) today are faced with an onslaught of false positive alerts, and actual attacks often lie undetected for months before being discovered. Threat hunting is a critical new function for any modern SOC to proactively look in the blind spots of current tools and sensors and surface hidden, advanced threats,” says Ely Kahn, co-founder of Sqrrl and former Director of Cybersecurity at the White House.

Tools Are An Important Part Of The Strategy

Traditional systems for finding threats are typically based upon signatures, which means they can only detect things that are already known. Newer systems monitor behavior and do a better job of identifying unknown attacks on your endpoints. Monitoring behaviors allows you to identify when an endpoint has been compromised. Machine learning can be used to identify the traffic patterns of a hacked device as it reports back to a command-and-control system.


You can’t rely on monitoring and the alerts alone to know that your network is safe. Threat hunting helps you identify attackers that have been operating unseen within your network. At the same time, threat hunting can be used to augment your automated threat detection and improve the quality of detections by reducing false positives.

Without having someone actively hunting for threats on your network, you must wait for automated systems to alert you when an attack occurs. However, what happens when an attacker finds a way around your automated system and through gaps in your security?

Instead of sitting around waiting, threat hunters are constantly looking for new ways to identify attackers. A threat hunter can work to not only identify these threats, but to automate known threat detection in the future. This will help reduce the number of items that threat hunters will need to monitor going forward.

“While machine learning is incredibly powerful it’s not something that solves the attack detection problem. It’s something which narrows your focus and attracts the attention of a human analyst to take a look,” says Ian Barker with betanews.


Tips To Improve Your Threat Hunting

Make the most of your data: Automated systems can collect a plethora of data within a short period of time. Embracing data analytics can help you create datasets that will make your hunting more productive. Since some attacks involve weeks or even months of data, you will need a system like Apache Hadoop that can be used to collect and analyze the data.

Machine learning: With machine learning, you have the ability to increase your hunting potential and help you find the anomalies within your dataset.

Have a strategy in place (before you get hacked): An underlying theme in most of the sessions at April’s InfoSec World was to have a strategy in place before you get hacked. The last thing you want to do is to stand in front of the Board of Directors and tell them that the company has suffered a data breach. Create a strategy before this occurs. Use a framework like kill chain mapping to give you a way of making sure that each hunting expedition is efficient.
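To make the signature-versus-behavior distinction and the "automate what you learn" point concrete, here is an added Python example; it is not code from the original post or from Sqrrl. It runs a single hunting pass over a handful of constructed proxy log lines (hypothetical hosts on the reserved .test domain): a known-indicator check that only catches what is already on a list, next to a simple behavioral check that flags a source contacting the same destination at near-constant intervals, the machine-like timing typical of a compromised device reporting to command-and-control. The thresholds (five hits, 15% timing jitter) and the log format are assumptions chosen for the illustration, and the statistical check stands in for the machine learning the text mentions.

```python
"""Threat-hunting pass over constructed proxy logs: known indicators plus beaconing."""
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (hypothetical; reserved .test hostnames).
# Fields: timestamp, source IP, method, destination host, HTTP status.
SAMPLE_LOGS = """\
2017-04-03T09:00:00Z 10.0.0.12 GET intranet.example.test 200
2017-04-03T09:00:05Z 10.0.0.12 GET cdn-sync.example.test 200
2017-04-03T09:00:12Z 10.0.0.33 GET known-bad.test 200
2017-04-03T09:00:30Z 10.0.0.33 GET intranet.example.test 200
2017-04-03T09:00:41Z 10.0.0.12 GET news.example.test 200
2017-04-03T09:01:04Z 10.0.0.12 GET cdn-sync.example.test 200
2017-04-03T09:02:06Z 10.0.0.12 GET cdn-sync.example.test 200
2017-04-03T09:02:19Z 10.0.0.12 GET intranet.example.test 200
2017-04-03T09:03:05Z 10.0.0.12 GET cdn-sync.example.test 200
2017-04-03T09:03:10Z 10.0.0.33 GET news.example.test 200
2017-04-03T09:04:05Z 10.0.0.12 GET cdn-sync.example.test 200
2017-04-03T09:07:55Z 10.0.0.33 GET intranet.example.test 200
2017-04-03T09:09:02Z 10.0.0.33 GET news.example.test 200
"""

# Signature-style indicator list: only catches destinations already known to be bad.
KNOWN_BAD_HOSTS = {"known-bad.test"}

MIN_HITS = 5        # assumed: enough connections to judge regularity
MAX_JITTER = 0.15   # assumed: stdev/mean of the gaps; low means machine-like timing


def parse_logs(text):
    """Parse the whitespace-separated log format constructed above."""
    records = []
    for line in text.strip().splitlines():
        ts, src, _method, dst, status = line.split()
        stamp = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        records.append((stamp, src, dst, int(status)))
    return records


def signature_hits(records):
    """Traditional check: match destinations against the known-bad list."""
    return sorted({(src, dst) for _, src, dst, _ in records if dst in KNOWN_BAD_HOSTS})


def beacon_candidates(records, min_hits=MIN_HITS, max_jitter=MAX_JITTER):
    """Behavioral check: (src, dst) pairs contacted at near-constant intervals.

    Returns (src, dst, mean_gap_seconds, jitter) for each candidate.
    """
    times = defaultdict(list)
    for stamp, src, dst, _ in records:
        times[(src, dst)].append(stamp)
    found = []
    for (src, dst), stamps in times.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        # Identical timestamps are not beaconing; treat a zero mean as infinitely noisy.
        jitter = statistics.pstdev(gaps) / mean if mean > 0 else float("inf")
        if jitter <= max_jitter:
            found.append((src, dst, round(mean, 1), round(jitter, 3)))
    return found


def hunt(text):
    """One hunting pass: known indicators plus behavioral anomalies to review."""
    records = parse_logs(text)
    return {"signature": signature_hits(records), "beacons": beacon_candidates(records)}


def codify(beacons):
    """Turn confirmed hunt findings into rules for the automated system next time."""
    return [{"dst": dst, "period_s": period, "max_jitter": MAX_JITTER}
            for _, dst, period, _ in beacons]


if __name__ == "__main__":
    findings = hunt(SAMPLE_LOGS)
    print("known indicators:", findings["signature"])
    print("beacon candidates:", findings["beacons"])
    print("new rules:", codify(findings["beacons"]))
```

In the constructed sample, the indicator list catches one host, while the behavioral check surfaces a second one that contacts cdn-sync.example.test every minute and would never appear on a signature list; `codify` shows the last step the post describes, handing the hunter's confirmed finding to the automated system so the next occurrence no longer needs a human to spot it.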

Let The Hunt Begin

Security researchers need to continue to challenge themselves in their organization to proactively hunt threats instead of waiting to react after a breach has occurred. Using a blended approach with threat hunting delivers better results than just depending on a single method or tool.




Cybersecurity professionals are by nature a cautious group who spend their days trying to figure out what types of tricks the attackers will attempt next. Some even try to teach employees in their organization good practices like not clicking on emails from people they don’t know. 

Enter the marketing professional, whose job it is to market to this group of cautious professionals and get them to trust us enough to actually click on a link so they can check out our products and services. As marketers, we like to collect analytics to show how readers are progressing through the sales cycle. Unfortunately, in order to get this type of tracking data, our links have to be unique and don’t display the true destination of the click (i.e. the visible address becomes a tracking link). This means that cybersecurity professionals can’t tell where a link goes and are therefore unlikely to click.

In order to succeed as a marketer with cybersecurity professionals, you need to understand how they’re different. This group of professionals is wary of many types of marketing, as they are constantly on the lookout for people trying to dupe them or their fellow employees.

Here are 4 tips to improve your email marketing to cybersecurity professionals:

1. Get To Know Your Audience (Intimately)

  • Create a Use Case that clearly defines who your audience is, the challenges they face, and how you need to position your product or service so that it is the unique solution they need to solve their problem.
  • Understand which sector of the cybersecurity industry your product or service occupies (i.e. endpoints, incident response, antivirus, logging, etc.).
  • Understand and use their language of cybersecurity in your email correspondence.
  • Find out if there are any regulations or standards by which your software will be affected.

2. Take The Time to Build Trust

Whenever working with this highly technical group of people, always use facts instead of bold marketing claims. If you try to exaggerate the features or benefits of your services, you will likely get an unsubscribe.

This is a group of people who are regularly being told by vendors that their software is the “magic silver bullet” that will stop any type of attack. The problem is, saying that anything is “unhackable,” “undefeatable,” or “able to stop any type of attack” to this audience will quickly destroy the trust you’ve worked hard to build.

Instead, stick to the facts, features, and benefits that you can prove and market your product or service with credibility. 

3. Take Advantage Of Case Studies

There is no better way to prove that your product or service is credible than hearing success stories of other customers who have used your product or service. Customer case studies provide a real-world story of how a challenge was met and then uniquely solved with your service.

How can you get these case studies? When you’re negotiating price with an existing customer, ask them if they would be willing to do a public reference in exchange for a reduced price.

4. Start With A Strong Welcome Series

After your lead has downloaded your gated content (i.e. case study, whitepaper, webinar, etc.), make sure you send them a strong welcome series. A welcome series will typically have the best open and click-thru rates.

Keep Nurturing

Providing real value that connects with cybersecurity professionals in their own language using a welcome series is a great way to start building trust. By following these tips, you can keep nurturing cybersecurity leads until they are ready to make a decision.
