It’s entirely possible that I misunderstand or am missing the point completely… I’m talking about ‘threat hunting’ – proactively searching your network for threats with the intention of sussing out all the bad.
My problem is not with threat hunting, but I think that in most organizations at which I’ve worked in infosec, it would be premature to threat hunt when we can’t even explain what our normal, day-to-day functioning looks like or ‘acts’ like.
Full disclosure: I am definitely a curmudgeon, so pointing out something like this should come as no surprise. I just think that a solid foundation – logging, access controls, privileged access management, regular audits on user permissions, and on and on – would be a far better use of our limited infosec practitioners’ time.
More to come.