Follow the White Rabbit… if You Can…

CY4GATE – Cyber Threat Hunting

When the cyber protections don’t work, Cyber Threat Hunting seems the only solution able to mintain the cyber resiliency of a critical asset, starting from an hypotesis (something bad could be in place), followed by an investigation (this is what is going bad), up to the definition of an effective detection and response strategy (I know how to find it and then run the right response). This process must be continously applied in an increasingly evolving borderless context, where also the lifecycle of a threat hunting process must be continuously aligned with the attacker’s timeframe.

A batch-processing oriented Data-lake approach for patterns identification can solve partially the need, but still remains the issue related to the huge computational power needed to remain on-time, that cannot be solved only by unlimitedly increasing resources.

We’ll then introduce a novel approach to Cyber Threat Hunting, supported by some on-field experimented use cases, based on a full behavioral approach powered by statistical and AI models that can be combined with dynamic CoAs (Course of Actions), that can be redefined in relationship with the received feedbacks, and deceptive approaches able to support further validations and recover the required timings.