For many years, we (the security community) fought the good fight against the adversaries attacking our
organizations’ systems. We applied patches for our operating systems and applications as quickly as feasible. We configured and reconfigured software to comply with security checklists and benchmarks while still providing the necessary functionality. We relied on antivirus software, firewalls, intrusion prevention systems, and other tools to prevent attacks.
It’s time to admit that the conventional approach to enterprise security is insufficient. We need to take a step back and reconsider our assumptions. Instead of focusing all our energy on reactive security and waiting for an alert, we should take a proactive approach to security, striving to find adversaries and purge them from our environments as quickly as possible.
This doesn’t mean that we throw away existing security controls for prevention; prevention is still incredibly important. But it does mean being more proactive in order to detect adversaries and evict them from our networks. The best way to accomplish the shift from a reactive to proactive posture is to hunt, which is the focus of this book.
Anyone who has responsibilities for securing or monitoring the security of systems and networks, detecting attacks, or responding to compromises will benefit from this book.
Views: 6
