Share these talks and lectures with your colleagues
Invite colleaguesPractice paper
Beyond detection: Uncovering unknown threats
Cyber Security: A Peer-Reviewed Journal,
7
(1),
6-15
(2023)
Abstract
Threat management is essential for ensuring an organisation’s security, but traditional strategies often only address known threats, leaving the organisation vulnerable to unknown threats. To be well equipped against advanced cyberattacks, a proactive approach beyond detection that uncovers unknown and emerging threats is necessary. This paper proposes a comprehensive approach to threat management involving the partnership between the threat detection, threat hunting, threat intelligence and threat exposure teams. Various approaches for hunting unknown threats are explored, including simulation, forensics, threat modelling, incident pivoting, deception, and a process to hunt once and automate. Insights detailed in this paper will also help organisations make informed decisions on resources and practices around threat hunting. The proposed strategy emphasises the need for a proactive and iterative approach to threat management, allowing organisations to stay ahead of adversaries and be prepared for unknown threats.
Keywords: threat hunting; threat detection; unknown threats; data breach; threat management
The full article is available to subscribers to the journal.
Author's Biography
George Chen leads the Threat Hunting function at PayPal and its subsidiaries, specialising in active defence and using innovative approaches to detect unknown threats. He has engineered hundreds of security detection alerts, built numerous defence capabilities and filed over 40 security patents. George has presented at Black Hat, SANS Webcast, BSides, UNODC and teaches at two universities and training institutes. He holds a Master of Computing (InfoSec) from the National University of Singapore, Bachelor of Science (InfoSys) from the Singapore Management University and several cyber security certifications, including CISSP, OSCP and GNFA. George does bug bounty in his free time and has a CVE with Apple. Recently, he has also published two children’s books on cyber security awareness, distributed for free via a non-profit organisation.
