From Reactive to Proactive Threat Hunting
Robert O'Leary of Binalyze on Overcoming Challenges in Traditional Threat Hunting

Proactive threat hunting has transformed the cybersecurity focus from reacting to alerts to anticipating and preventing threats. Traditional threat hunting methods often overwhelm analysts with numerous alerts and telemetry data, causing delayed responses, said Robert O'Leary, senior solutions architect at Binalyze.
Automated threat hunting streamlines processes by collecting relevant data and then "creates a collection of artifacts from the operating system," O'Leary said. This approach enables faster remediation and prevents damage from threats.
"For instance, you find malware on a machine that gets an alert. You can leverage YARA rules to find that hash value on every machine in your environment," O'Leary said. "You can triage every machine. You don't have to collect anything. Just go out and identify whether the malware exists anywhere in your environment. If it does, you isolate those machines, remediate them and get rid of it [the malware], even if the file name has been changed."
In this video interview with Information Security Media Group at the Fraud, Security and Risk Management Summit, O'Leary also discussed:
- The time-consuming nature of traditional threat hunting;
- Using AI to write YARA rules that match multiple hash values;
- How digital forensics can significantly affect law enforcement and cybersecurity efforts.
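The environment-wide sweep O'Leary describes, together with a rule of the kind the "multiple hash values" point above refers to, as an added example written for this page (not code from Binalyze, from O'Leary, or from the interview). The rule generator uses YARA's `hash` module, whose `hash.sha256(0, filesize)` call compares the whole file's digest, so a renamed copy still matches; the Python sweep does the same check with `hashlib` so it runs without `yara-python`. The IOC hash, the rule name `Known_Bad_By_SHA256`, the file names and the directory layout are all constructed for the demo and stand in for nothing real.

```python
"""Hash-based triage: a YARA rule keyed on SHA-256 plus an equivalent
Python sweep. Added example for this page, not Binalyze's code.

The malware bytes, IOC hash, rule name and sample file tree below are
constructed for the demo.
"""
import hashlib
import os
import tempfile
from typing import Iterable

CHUNK = 1 << 20  # hash in 1 MiB chunks so large binaries are not read into RAM at once


def sha256_of_file(path: str) -> str:
    """Stream a file through SHA-256 and return the lowercase hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def render_yara_rule(name: str, sha256_hashes: Iterable[str]) -> str:
    """Emit a YARA rule that fires when the whole file's SHA-256 is in the IOC set.

    hash.sha256(offset, size) is YARA's own hash-module function (needs a YARA
    build that includes the hash module); the rule name and hash list are
    this example's assumptions.
    """
    hashes = sorted(h.lower() for h in sha256_hashes)
    conds = " or\n        ".join(f'hash.sha256(0, filesize) == "{h}"' for h in hashes)
    return (
        'import "hash"\n\n'
        f"rule {name}\n{{\n"
        "    meta:\n"
        '        description = "Known-bad file by SHA-256, independent of file name"\n'
        "    condition:\n"
        f"        {conds}\n"
        "}\n"
    )


def triage_tree(root: str, ioc_hashes: Iterable[str]) -> list[tuple[str, str]]:
    """Walk root and return (path, sha256) for every file whose digest is an IOC.

    File names are ignored entirely; unreadable files are skipped so one
    locked file does not abort the sweep of a whole host.
    """
    wanted = {h.lower() for h in ioc_hashes}
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digest = sha256_of_file(path)
            except OSError:
                continue
            if digest in wanted:
                hits.append((path, digest))
    return sorted(hits)


# --- constructed sample environment (not real malware) -------------------
MALWARE_BYTES = b"MZ\x90\x00 constructed stand-in for a malicious binary\n"
MALWARE_SHA256 = hashlib.sha256(MALWARE_BYTES).hexdigest()


def build_sample_tree() -> str:
    """Create a temp directory standing in for one endpoint's filesystem.

    It holds the known-bad bytes under a harmless-looking, renamed file name
    (must match), a benign file (must not match) and a copy of the malware
    with one byte appended (must not match: a whole-file hash is defeated
    by any change to the content).
    """
    root = tempfile.mkdtemp(prefix="triage_demo_")
    downloads = os.path.join(root, "Users", "alice", "Downloads")
    os.makedirs(downloads)
    with open(os.path.join(downloads, "invoice.pdf"), "wb") as f:
        f.write(MALWARE_BYTES)
    with open(os.path.join(root, "Users", "alice", "notes.txt"), "wb") as f:
        f.write(b"benign content\n")
    with open(os.path.join(downloads, "invoice2.pdf"), "wb") as f:
        f.write(MALWARE_BYTES + b"\x00")
    return root


if __name__ == "__main__":
    print(render_yara_rule("Known_Bad_By_SHA256", [MALWARE_SHA256]))
    root = build_sample_tree()
    for path, digest in triage_tree(root, [MALWARE_SHA256]):
        print("HIT", os.path.relpath(path, root), digest)
```

Two practical points the sample tree makes visible: the renamed `invoice.pdf` is caught because only the bytes are compared, but `invoice2.pdf`, which differs by a single trailing byte, is not. A whole-file hash is an exact-match indicator, so in a real hunt the hash-keyed rule is normally paired with content-based YARA strings that survive repacking and small edits. The generated rule is what you would hand to whatever collection agent runs YARA on each host; the Python sweep is the same logic for a directory you can reach locally.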
O'Leary started his career with the New Jersey State Police, serving as a general road duty trooper before transitioning to undercover narcotics work. He began his cybersecurity career in digital forensics, analyzing data from seized cellphones to build criminal cases.