Conduct proactive threat hunting to protect your operations

If you are responsible for cybersecurity within your company, you will probably have developed a sort of professional paranoia. As a result, you will have ensured that all the correct technology is in place, checked that the required firewalls are up and running, the Intrusion Detection System is delivering those false positives that you love to hate, and the most recent penetration test, even though it found only some small things of note, may still not have calmed your nerves.

You have all the processes in place, so everyone knows what to do when a breach is detected or a vulnerability discovered. So, what now? Do you sit and wait and let the technology and processes work it all out? Of course not. It is time to use the third leg of cybersecurity: people. You and your competent staff need to start 'threat hunting'.

It has long been standard advice to assume you have already been breached. But if you were, shouldn't the IDS have detected that, or the firewall prevented it? Experience tells you otherwise. You must apply the 80/20 rule: 80% of the threats will be taken care of by your automatic systems, while your experienced staff must start to look for the remaining 20%.

Threat hunting is about probing around your network and on your servers to find things that shouldn't be there. It is about finding the most advanced threats. Unlike penetration testing, which looks for the ways in, threat hunting looks for what is already inside.

If I can make one recommendation, it is to have your staff get a pcap (packet capture) file of all the traffic that passes through a node and then have them analyse that data until they know exactly what every packet means. Even if they don't find anything, it is a win-win scenario: your staff gain experience, and you can sleep better knowing that you have secured your network a bit more.
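To make the "explain every packet" exercise concrete, here is an added example (not Westermo's code) of how a hunter can start triaging a capture: it reads a libpcap file record by record, decodes the Ethernet/IPv4/TCP/UDP headers, tallies the services seen, and lists every flow that the analyst's baseline of expected services cannot explain. The capture is constructed in memory so the script runs offline; the hosts, addresses (10.0.0.x, 203.0.113.9), ports and the baseline (Modbus/TCP, DNS, HTTPS) are invented for the illustration, not taken from any real plant network.

```python
"""Minimal pcap triage for threat hunting: every packet must be explained.

Added example, not Westermo's code. Builds a tiny libpcap file in memory,
walks each record, decodes Ethernet/IPv4/TCP/UDP headers and reports flows
that the hunter's baseline of expected services does not account for.
All addresses, ports and services below are constructed for the example.
"""
import struct
from collections import Counter


def inet(addr):
    """'10.0.0.5' -> 4 raw bytes."""
    return bytes(int(part) for part in addr.split("."))


def build_frame(src, dst, proto, l4):
    """Ethernet + IPv4 header (no options) around a transport payload."""
    eth = bytes(12) + b"\x08\x00"  # zeroed MACs, ethertype 0x0800 = IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64,
                     proto, 0, inet(src), inet(dst))  # checksum left 0: constructed data
    return eth + ip + l4


def tcp_syn(sport, dport):
    """Bare TCP SYN: data offset 5, SYN flag, zero seq/ack/checksum."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 65535, 0, 0)


def udp(sport, dport, payload=b""):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def build_pcap(frames):
    """libpcap global header (link type 1 = Ethernet) plus one record per frame."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out


def iter_records(pcap):
    """Yield raw frames from a pcap blob, honouring the byte order the magic number implies."""
    endian = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    off = 24
    while off + 16 <= len(pcap):
        _sec, _usec, incl, _orig = struct.unpack_from(endian + "IIII", pcap, off)
        off += 16
        yield pcap[off:off + incl]
        off += incl


def decode(frame):
    """Return (src, dst, proto, sport, dport) for an IPv4 frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
    proto = frame[23]                      # IPv4 protocol field (6 = TCP, 17 = UDP)
    src = ".".join(str(b) for b in frame[26:30])
    dst = ".".join(str(b) for b in frame[30:34])
    l4 = frame[14 + ihl:]
    sport = dport = None
    if proto in (6, 17) and len(l4) >= 4:
        sport, dport = struct.unpack("!HH", l4[:4])
    return src, dst, proto, sport, dport


def hunt(pcap, expected, internal_prefix):
    """Tally (proto, dport) pairs and return every flow the baseline does not explain."""
    seen = Counter()
    findings = []
    for frame in iter_records(pcap):
        pkt = decode(frame)
        if pkt is None:
            findings.append(("non-IPv4 frame", frame[12:14].hex()))
            continue
        src, dst, proto, _sport, dport = pkt
        seen[(proto, dport)] += 1
        if not dst.startswith(internal_prefix):
            findings.append(("internal host talking outside the plant network", src, dst, proto, dport))
        elif (proto, dport) not in expected:
            findings.append(("service not in baseline", src, dst, proto, dport))
    return seen, findings


# Constructed baseline and capture: an HMI, a PLC, a DNS resolver and two oddities.
EXPECTED = {(6, 502), (17, 53), (6, 443)}   # Modbus/TCP, DNS, HTTPS
SAMPLE_PCAP = build_pcap([
    build_frame("10.0.0.5", "10.0.0.20", 6, tcp_syn(50000, 502)),     # HMI polling the PLC
    build_frame("10.0.0.5", "10.0.0.2", 17, udp(50001, 53)),          # HMI DNS lookup
    build_frame("10.0.0.20", "10.0.0.5", 6, tcp_syn(50002, 23)),      # PLC opening telnet to the HMI
    build_frame("10.0.0.5", "203.0.113.9", 6, tcp_syn(50003, 4444)),  # HMI reaching an external host
])

if __name__ == "__main__":
    seen, findings = hunt(SAMPLE_PCAP, EXPECTED, "10.0.0.")
    for (proto, dport), n in sorted(seen.items()):
        print(f"proto={proto} dport={dport} packets={n}")
    for finding in findings:
        print("UNEXPLAINED:", finding)
```

The point of the baseline set is the discipline the post describes: anything not in it is either explained and added to the baseline, or investigated. On a real capture, replace `SAMPLE_PCAP` with the bytes of the pcap file and extend `decode` for VLAN tags, IPv6 and the protocols your network actually carries.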


Niklas Mörth, Cybersecurity Product Manager, Westermo.
