Next-Generation Technologies & Secure Development , Threat Hunting , Video

From Reactive to Proactive Threat Hunting

Robert O'Leary of Binalyze on Overcoming Challenges in Traditional Threat Hunting
Robert O'Leary, senior solutions architect, Binalyze

Proactive threat hunting has transformed the cybersecurity focus from reacting to alerts to anticipating and preventing threats. Traditional threat hunting methods often overwhelm analysts with numerous alerts and telemetry data, causing delayed responses, said Robert O'Leary, senior solutions architect at Binalyze.

See Also: Revealing the threat landscape with the 2024 Elastic Global Threat Report

Automated threat hunting streamlines processes by collecting relevant data and then "creates a collection of artifacts from the operating system," O'Leary said. This approach enables faster remediation and prevents damage from threats.

"For instance, you find malware on a machine that gets an alert. You can leverage YARA rules to find that hash value on every machine in your environment," O'Leary said. "You can triage every machine. You don't have to collect anything. Just go out and identify whether the malware exists anywhere in your environment. If it does, you isolate those machines, remediate them and get rid of it [the malware], even if the file name has been changed."

In this video interview with Information Security Media Group at the Fraud, Security and Risk Management Summit, O'Leary also discussed:

  • The time-consuming nature of traditional threat hunting;
  • Using AI to write YARA scripts to find multiple hash values;
  • How digital forensics can significantly affect law enforcement and cybersecurity efforts.

O'Leary started his career with the New Jersey State Police, serving as a general road duty trooper before transitioning to undercover narcotics work. He began his cybersecurity career in digital forensics, analyzing data from seized cellphones to build criminal cases.


About the Author

Tom Field

Tom Field

Senior Vice President, Editorial, ISMG

Field is responsible for all of ISMG's 28 global media properties and its team of journalists. He also helped to develop and lead ISMG's award-winning summit series that has brought together security practitioners and industry influencers from around the world, as well as ISMG's series of exclusive executive roundtables.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.co.uk, you agree to our use of cookies.