
How to run a threat-hunting program while employees work from home

The digital transformation triggered by the pandemic meant many organizations scrambled to enable employees to work from home. 

“Speed is the natural enemy of security,” Casey Ellis, the founder, chairman and CTO of Bugcrowd, told SC Media Senior Reporter Joe Uchill during a virtual conference by CyberRisk Alliance.

So, amid this new normal, how can threat hunters do their jobs and detect dangers to corporate security solutions when many employees are working from home and the enterprise doesn’t own the infrastructure? There’s always going to be corporate infrastructure that provides information, such as VPN, antivirus, and endpoint detection and response (EDR), said Ellis.

From a corporate IT standpoint, he treats work-from-home the same as employees working from cafes or hotels, where multiple people intermingle on the same network. Any individual in that scenario can present risk, with adversaries targeting access by way of family members whose level of personal defense is lower.

Click here for access to the CyberRisk Alliance “Threat Hunting and Detection: Locating and isolating threat actors in your network” virtual conference on demand.

“I think the same is true of basically everyone who's working from home who is a target of interest at this point,” said Ellis. “It's really an extension of the corporate network.”

And as companies begin to come to terms with the fact that the workforce will likely work from home or in a hybrid model well into the future, Ellis said now is a good time to think about the various threat scenarios that emerged over the last year — such as SolarWinds and other incidents — and whether they may have been missed with employees at home offices. 
