Companies that are developing a threat hunting program need to change their mindset around how to detect threats, Cybereason CTO Yonatan Striem-Amit told Dark Reading last week. Threat hunting relies on human intuition to discover threats instead of using indicators of compromise and security tools, he said.
Striem-Amit also suggested that the organization think like the adversary. For example, if a security team is measured by how quickly they remediate incidents, attackers may also know this information and use it to their advantage.
“If I was running a hacking campaign, I would send a slew of known malware just to give you a lot of work. If you don’t have the habit of going down to the bottom of an event each time, I know you are going to be susceptible,” he said in the interview.
In SCMagazine, Striem-Amit discussed the software vulnerability that affected UEFI drivers used by Lenovo and HP laptops and the firmware on Gigabyte motherboards. He called the flaw "incredibly severe" and noted that it shows how security risks increase as software becomes more complex. Striem-Amit also predicted that the exploit will eventually be a standard tool in an attacker's toolkit.