Discovering U.S. Government Threat Hunting Processes And Improvements

INTRODUCTION: Cyber Threat Hunting (TH) is the activity of looking for potential compromises that other cyber defenses may have missed. These compromises cost organizations an estimated $10M each, and an effective Threat Hunt can reduce this cost. TH is a new discipline, and its processes have not yet been standardized. Most TH teams operate with no defined process. This is a problem, as repeatable processes are important for a mature TH team.

OBJECTIVES: This thesis offers a Threat Hunt process as well as lessons learned derived from government TH practice.

METHODS: To achieve this I conducted 12 interviews, 1 hour in length, with government threat hunters. The transcripts of these interviews were analyzed with process and thematic coding. The coding was validated with a second reviewer.

RESULTS: I present a novel TH process depicting the process followed by government threat hunters. Common challenges and suggested solutions brought up by threat hunters were also enumerated and described. The most common problems were minimal automation and missing measures of TH expertise. Challenges with open questions were also identified. Open questions include: determining how to identify the best data to collect, how to create a specific but not rigid process, and how to measure and compare the effectiveness of TH processes. Finally, subjects also provided features that indicate expertise to TH team members and recommendations on how to best integrate newer members into a TH team.

CONCLUSION: This thesis offers a first look at government TH processes. In the short term, the process recommendations provided in this thesis can be implemented and tested. In the long term, experiments in this sensitive context remain an open challenge.

DOI: 10.25394/pgs.22677418.v1
Identifier: oai:union.ndltd.org:purdue.edu/oai:figshare.com:article/22677418
Date: 24 April 2023
Creators: William Pierce Maxam III (15339184)
Source Sets: Purdue University
Detected Language: English
Type: Text, Thesis
Rights: CC BY 4.0
Relation: https://figshare.com/articles/thesis/Discovering_U_S_Government_Threat_Hunting_Processes_And_Improvements/22677418