Skilled threat hunters can play a dual role for organizations, hunting for threat actors as well as ensuring budget is directed at tools and technology that will bolster the hunting capabilities, according to the SANS 2023 Threat Hunting survey. However, a lack of skilled staff is hampering the success of threat hunting efforts, according to the global survey of 564 respondents drawn from SOC analysts, security managers and administrators.
Adding to the task, threat hunters themselves are seeking more training, education, and support from management, the survey has found. As CISOs look ahead to 2024 and the cybersecurity challenges it will bring, what do they need from threat hunting teams and how should threat hunters themselves look to strengthen their skill set?
Technical skills for today’s threat analysts and how they’re evolving
Threat analysts require a blend of traditional and modern technical skills and all the experts speaking to CSO say that Python is indispensable for conducting efficient data analysis. Other important languages and tools to know include C, C++, JavaScript, Ruby on Rails, SQL, PowerShell, Burp Suite, Nessus, and Kali Linux. Foundational knowledge in networking and systems, data analysis skills, knowledge of cloud architectures, and reverse engineering are also regarded as useful.
Threat hunters need a general disposition towards researching complex problems with limited details, solving puzzles and evaluating risks. The task has, however, become more challenging for several reasons, according to Jake Williams, independent security consultant, IANS faculty member, and former senior SANS instructor. “As our perimeter defenses, like endpoint detection and response, have improved and threat actors have gotten better, hunting has become harder. It’s more advanced and requires more skills, and typically, it’s looking for anomalies in data,” he tells CSO.
Familiarity with threat intelligence platforms like MISP and security information and event management (SIEM) tools like Splunk, LogRythm, and ManageEngine are needed to identify and check exposure to threats, according to BugCrowd director of cybersecurity at bug bounty platform Sajeeb Lohani. “And working knowledge of the MITRE ATT&CK framework can help identify different tactics and techniques used during certain attacks. It can help the analyst point out different patterns of attack that others may miss,” Lohani tells CSO. Newer lightweight tools like Wazuh are becoming more prevalent to help identify and manage threats as the rise of cryptocurrencies has introduced mining activities into cybersecurity concerns.
Don’t overlook the value of soft skills in threat hunting
In addition to technical prowess, soft skills are equally important. For instance, the ability to succinctly explain threats to various parties is crucial, while attention to detail, analytical thinking, stress management, creativity, and teamwork are all seen as pivotal skills for the modern threat hunter.