Hunting the Evil of your Infrastructure
Submitted by A. S. M. Shamim Reza (@shamimreza) on Monday, 26 March 2018
Hunt. No, it's not Ethan Hunt of Mission Impossible. It's threat hunting I am going to talk about, and yes, it's a real-time manual activity, I repeat manual, carried out by the human beings who are responsible for taking care of your infrastructure. No, they don't have to be experts in everything, and they don't have to have several years of experience. But yes, they do need to have experience of how this infrastructure works.
Here, we will discuss how to find the Evil, the vulnerabilities, in your infrastructure, and how it can be done. Some say it can be done by automating things: by building tools that fit your needs, or by talking with companies whose best products promise to work great.
I will say NO. Threat hunting needs human interaction: someone who knows what services, OSs and applications are running, what sort of network infrastructure you have, and how they relate to each other. The person needs analytical abilities, someone who can think beyond the obvious and find the things the infrastructure monitoring system has missed.
The threat hunting process can differ based on the infrastructure and, obviously, the needs. Proper planning, preparation, expertise, experience and execution are very important. You can't just buy some tools, put some highly paid experts in your SOC, sit back and say you are doing great at hunting down the vulnerabilities.
You need to follow some standards and, yes, obviously you have to be innovative. Doing the same steps and the same procedure again and again won't give you the result.
We will learn here what to hunt for and how often we have to do it; what tools we can use for our needs, not for our wants; what kind of person is suited to this sort of responsibility; and so on.
Threat hunting is not an easy task, but it is not that complex either. To secure the most valuable thing on earth, information, we have to be proactive, not reactive. This should be our goal: to hunt down the Evil.
It will have hypothesis-based case studies.
Those who are working in, and also interested in, the security track.
I am an open-source software enthusiast, system solution architect and Linux system expert with over 10 years of extensive experience; right now I am working on Linux OS development from scratch.
I am also an Information Security professional with over 8 years of diverse Information Security experience, from the evolving enterprise needs of large and complex organizations to the development of large public web properties, and protecting their applications, data and infrastructure from attack.
I believe that sharing my experience with the community will help secure infrastructure.