Advanced Threat Protection in the Modern Age: An Interview with a Threat Hunter


These days, the line between our online and offline lives has become indistinguishable. Our home lives, professional work, community services, economic prosperity and even national security are all connected to and impacted by the internet. This is why cybersecurity must be everyone’s priority. To help people understand what they can do to better protect themselves or their organizations, we sat down with one of Bitdefender’s own cybersecurity experts, Tyler Baker, for a Q&A.

Tyler works behind the scenes in our Cyber Intelligence Fusion Cell, a highly sophisticated security operations center (SOC) that supports Bitdefender’s Managed Detection and Response (MDR) services. In his role as Threat Intelligence Manager, Tyler draws upon his previous experience in military intelligence as well as his civilian career to hunt down and mitigate threats in customer environments. As a threat hunter, Tyler goes beyond what cybersecurity technologies and tools can detect. He leverages his expertise and knowledge of how cybercriminal gangs behave and what their motives are in order to add important context around threats, which enables Bitdefender’s MDR services to protect our customers better than any cybersecurity technology alone ever could.

This is the first in a series on the Cybersecurity Heroes who power Bitdefender and our market-leading solutions and services. Read on, and watch the video below to learn more about Tyler Baker and what it’s like to be a Threat Hunter:

What exactly is a threat hunter?

Tyler: Threat hunters are the people working in a SOC who actively monitor our MDR customers’ environments through the lens of all the security tools they have in place on their computers, servers, endpoints and clouds. Bitdefender’s threat hunters evaluate all the detections and alerts from these security tools, in addition to our own threat intelligence, to look for variants or anomalies in the environment. We also apply our knowledge of each individual customer’s environment to help determine whether an anomaly is truly a threat, or simply an unusual but harmless behavior.

This is one of the most important aspects of threat hunting – really understanding our customers’ environments so we can discern legitimate threats from benign anomalies. We call this baselining, and it’s the first thing we do when we begin providing MDR services at a new customer site. Every organization is different, so we familiarize ourselves with not only their technology stack and the tools they have in place, but also the typical behaviors of their people so we can understand what “normal” looks like for their environment.

Beyond that, we also take into consideration who they are as a company and what specific threats they are most likely to face. For example, some organizations are more likely to have their sensitive data targeted for theft; others might be more likely to have their operations shut down in order to cause disruptions in a particular industry or supply chain. We consider the motives behind why a cybercriminal group might target that organization specifically and what tactics they are most likely to use.

As threat hunters, we use our knowledge of the customer environment and of cybercriminals’ motives and tactics to provide contextual, relevant intelligence that helps our customers understand what’s happening in their environment. When a threat is detected, we help them take the necessary steps to protect their security posture.
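As an added example of the baselining step Tyler describes (this is illustration code written for this page, not code from the interview or from Bitdefender's MDR service), the script below learns which (user, parent process, process) combinations are normal for each host from a constructed sample of endpoint process-start events, then hunts a later window for combinations that fall outside that baseline. It separates a binary never seen anywhere in the environment from one that is merely new to a particular host, and sets aside binaries whose rollout is already known, which is the "unusual but harmless" case. The key=value log format, hostnames, usernames and process names are all assumed for the illustration.

```python
"""Baseline, then hunt: flag process activity that falls outside what is
"normal" for each host. Added illustration; the key=value log format and
all sample events below are constructed, not real telemetry."""
from collections import defaultdict
from typing import Iterable

REQUIRED = ("host", "user", "parent", "image")

# Constructed baseline window: two quiet days of process-start events.
BASELINE_EVENTS = """\
2024-03-04T08:01:02Z host=ws01 user=alice parent=explorer.exe image=outlook.exe
2024-03-04T08:02:11Z host=ws01 user=alice parent=outlook.exe image=winword.exe
2024-03-04T08:05:40Z host=ws01 user=alice parent=explorer.exe image=chrome.exe
2024-03-04T09:12:03Z host=ws02 user=bob parent=explorer.exe image=excel.exe
2024-03-04T09:13:30Z host=ws02 user=bob parent=explorer.exe image=chrome.exe
2024-03-04T10:00:00Z host=srv01 user=svc_backup parent=services.exe image=backup.exe
2024-03-04T10:00:05Z host=srv01 user=svc_backup parent=backup.exe image=powershell.exe
2024-03-05T08:00:59Z host=ws01 user=alice parent=explorer.exe image=outlook.exe
2024-03-05T09:10:12Z host=ws02 user=bob parent=explorer.exe image=excel.exe
2024-03-05T10:00:01Z host=srv01 user=svc_backup parent=services.exe image=backup.exe
""".splitlines()

# Constructed review window: the day being hunted.
REVIEW_EVENTS = """\
2024-03-06T08:03:10Z host=ws01 user=alice parent=explorer.exe image=outlook.exe
2024-03-06T08:20:44Z host=ws01 user=alice parent=winword.exe image=powershell.exe
2024-03-06T09:15:00Z host=ws02 user=bob parent=explorer.exe image=excel.exe
2024-03-06T09:30:21Z host=ws02 user=bob parent=explorer.exe image=zoom.exe
2024-03-06T10:00:02Z host=srv01 user=svc_backup parent=services.exe image=backup.exe
2024-03-06T10:00:07Z host=srv01 user=svc_backup parent=backup.exe image=powershell.exe
2024-03-06T10:00:09Z host=srv01 user=svc_backup parent=powershell.exe image=certutil.exe
""".splitlines()


def parse_event(line: str) -> dict:
    """Parse one 'timestamp key=value ...' line; reject lines missing fields."""
    ts, *pairs = line.split()
    event = {"ts": ts}
    for pair in pairs:
        key, sep, value = pair.partition("=")
        if not sep:
            raise ValueError(f"malformed field {pair!r} in {line!r}")
        event[key] = value.lower()  # process names are case-insensitive
    missing = [k for k in REQUIRED if k not in event]
    if missing:
        raise ValueError(f"missing {missing} in {line!r}")
    return event


class Baseline:
    """What 'normal' looks like: per-host activity tuples and org-wide images."""

    def __init__(self) -> None:
        self.per_host = defaultdict(set)  # host -> {(user, parent, image)}
        self.org_images = set()           # every image seen anywhere


def build_baseline(lines: Iterable[str]) -> Baseline:
    """Learn the baseline from a window believed to be clean."""
    baseline = Baseline()
    for line in lines:
        event = parse_event(line)
        baseline.per_host[event["host"]].add(
            (event["user"], event["parent"], event["image"]))
        baseline.org_images.add(event["image"])
    return baseline


def find_anomalies(baseline: Baseline, lines: Iterable[str],
                   expected_changes: frozenset = frozenset()) -> list:
    """Return events outside the baseline, graded by how unusual they are.

    expected_changes: image names whose rollout is already known (e.g. from a
    change ticket), so a new appearance is unusual but harmless.
    """
    findings = []
    for line in lines:
        event = parse_event(line)
        key = (event["user"], event["parent"], event["image"])
        if key in baseline.per_host.get(event["host"], set()):
            continue  # matches this host's normal behaviour
        if event["image"] in expected_changes:
            verdict = "expected-change"
        elif event["image"] not in baseline.org_images:
            verdict = "new-to-org"   # binary never seen in the environment
        else:
            verdict = "new-to-host"  # known binary, unusual host/parent/user
        findings.append({"ts": event["ts"], "host": event["host"],
                         "user": event["user"], "parent": event["parent"],
                         "image": event["image"], "verdict": verdict})
    return findings


if __name__ == "__main__":
    base = build_baseline(BASELINE_EVENTS)
    for f in find_anomalies(base, REVIEW_EVENTS, frozenset({"zoom.exe"})):
        print(f"{f['verdict']:16} {f['host']} {f['user']} "
              f"{f['parent']} -> {f['image']} ({f['ts']})")
```

On the sample data the hunt leaves the routine Outlook, Excel and backup-job activity alone and surfaces three things for a human to review: PowerShell launched from Word on ws01 (a known binary in an unusual place), certutil.exe appearing for the first time in the environment on the backup server, and zoom.exe on ws02, which the known-rollout list downgrades to a benign anomaly. The baseline itself is the most fragile part of this approach: it must be learned from a window you have reason to believe is clean, and re-learned as the customer's environment legitimately changes.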

What do you like most about your role in MDR?

Tyler: What I like most about my role as a threat hunter, and at Bitdefender specifically, is our focus on the customer. When we detect a threat, we don’t simply alert the customer and leave them to respond on their own. As a threat hunter, I’m talking with our customers every day, giving them a real-time understanding of their environment and what’s happening in it. Our team provides actionable advice and recommendations to our customers for how to mitigate the threat. We get to provide the context that is needed to make their security posture stronger. For example, I can tell a customer why they are being targeted by a particular group and help them establish policies and processes that can prevent a similar attack from happening in the future.

A great example of this occurred with one of our MDR customers that is a large religious organization in the U.S. Our Cyber Intelligence Fusion Cell had early knowledge of a newly discovered advanced persistent threat (APT) called Red Delta that was targeting religious organizations in other countries. We proactively alerted our customer that they could be targeted next. We shared with them the indicators of compromise (IOCs) associated with that threat and examples of the types of phishing emails used, so they knew what to be on the lookout for. With our help, they were able to protect themselves before an attack occurred. They were extremely thankful for our proactiveness. Getting to work closely with our customers and knowing that I’ve played an important part in protecting them is what I like best about my role.

In light of Cybersecurity Awareness Month, what would you like people to know about today’s threat landscape?

Tyler: Cybercriminal gangs have evolved to become much more sophisticated. They’re leveraging artificial intelligence (AI) and Ransomware as a Service (RaaS) to spread their attacks further and get more victims. But there are tangible steps that organizations and individuals can take in order to better protect themselves and develop stronger resiliency.

It’s very important for organizations to educate their employees about potential threats. Understand what your organization’s specific threat landscape looks like and build an education program that informs employees what to look for. Arm them with cybersecurity best practices and refresh their training regularly. All this will help limit attack vectors and reduce the risk of a threat successfully making its way inside.

What can organizations do to develop stronger cybersecurity resiliency?

Tyler: The number one thing is to understand your environment. Know who’s most likely to target you and why, as well as what tactics they’re most likely to use. This will help you understand where to focus your efforts as you make decisions about the technologies, processes and teams of people you’ll need to have in place. Really look at your environment and ask yourself if the security team you have in-house is enough, or if you should reach out to a third-party partner like an MDR service to augment your team. Then, put a plan in place for how you’ll respond when a threat is detected. With the right plan and procedures in place, you’ll be able to react more quickly and reduce the response time from weeks or days to just hours. All this will help ensure that you’re not only prepared to prevent attacks, but also to respond more quickly and minimize their damage when they do happen. Ultimately, cyber threats are always changing. Organizations need to make sure they are using technologies and services that are built for resiliency and are constantly evolving to meet these changing threats.

Learn more about how MDR can help businesses keep pace with the dynamic threat landscape.