{"id":3033,"date":"2020-05-27T12:44:57","date_gmt":"2020-05-27T16:44:57","guid":{"rendered":"https:\/\/solutionsreview.com\/security-information-event-management\/?p=3033"},"modified":"2020-05-27T12:45:57","modified_gmt":"2020-05-27T16:45:57","slug":"changing-siem-from-reactive-to-proactive-with-threat-hunting","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/security-information-event-management\/changing-siem-from-reactive-to-proactive-with-threat-hunting\/","title":{"rendered":"Changing SIEM From Reactive to Proactive with Threat Hunting"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-2895\" src=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/01\/SOAR-Automation.jpg\" alt=\"Changing SIEM From Reactive to Proactive with Threat Hunting\" width=\"800\" height=\"480\" srcset=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/01\/SOAR-Automation.jpg 800w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/01\/SOAR-Automation-300x180.jpg 300w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/01\/SOAR-Automation-768x461.jpg 768w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/01\/SOAR-Automation-450x270.jpg 450w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/01\/SOAR-Automation-135x81.jpg 135w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">What does it mean to change your SIEM solution from reactive to proactive? 
How does threat hunting help that transition in business cybersecurity and <a href=\"https:\/\/solutionsreview.com\/security-information-event-management\/siem-buyers-guide-security-information-and-event-management\/\" target=\"_blank\" rel=\"noopener noreferrer\">SIEM<\/a>?\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">SIEM provides critical capabilities to organizations\u2019 cybersecurity policies. In fact, it offers the power of effective log management; this collects security events from disparate network locations and compiles them in a centralized database. Additionally, it often normalizes this data, facilitating security analysis and monitoring. Therefore, SIEM can help find cyber incidents hiding among the security events across the IT environment.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Moreover, upon detecting a potential security event, SIEM solutions generate a security alert. These alerts direct IT security teams to investigate and possibly discover ongoing breaches, speeding their incident response.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">However, as effective as this can prove, this still means businesses use SIEM reactively. What does it take to transition SIEM from reactive to proactive?\u00a0<\/span><\/p>\n<h2><b>Threat Hunting Changes SIEM From Reactive to Proactive<\/b><\/h2>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Here\u2019s the problem with reactive cybersecurity: it always leaves your IT security team on the back foot. 
Preventative tools like firewalls and antivirus often prove ineffective at barring malware and other external threats; thus your IT security team may face a deluge of threats on any given day.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Also, the typical SIEM solution may generate dozens if not hundreds of alerts each day, which may stress out IT security teams. They could slog through an unknown number of false positives before ever uncovering a legitimate threat, wasting their time or resources. In other words, because SIEM is often treated as reactive rather than proactive, your IT security team faces greater challenges.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">How does threat hunting help the transition to proactive? First, by its nature, threat hunting works to discover threats prior to an alert triggering. Additionally, focusing on threat hunting changes the attitude of your cybersecurity culture. It embraces an attitude that your enterprise has already been hacked, rather than waiting for an attack. This mentality can improve your security posture and how you treat potential signs of a security incident; your team may take \u201cunusual\u201d occurrences much more seriously if they automatically assume they indicate a breach.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Above all, threat hunting aggressively tracks and eliminates digital attacks in corporate networks, which reduces potential data exposures and overall risk.\u00a0<\/span><\/p>\n<h3 style=\"text-align: justify\"><b>How to Facilitate Threat Hunting<\/b><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">First, to do threat hunting optimally, you need a team of threat hunters. You can operate this out of your security operations center or in a more decentralized fashion, depending on your resources. 
However, you do need to invest resources to help your hunters. This may involve providing your team with the proper tools via SIEM, and it may involve more human considerations. For example, cybersecurity is a 24\/7 responsibility, but humans don\u2019t function that way. You may wish to consider flexible hours and schedules, benefits, and other perks to keep your team\u2019s morale high.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">More technically, you need to ensure you have the tools to make threat hunting possible. This includes in-depth monitoring and patch management. Next-generation SIEM can also cut through false positives, which reduces the noise faced by many threat hunting teams.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">You can learn more about SIEM and the transition from reactive to proactive in our <a href=\"https:\/\/solutionsreview.com\/security-information-event-management\/siem-buyers-guide-security-information-and-event-management\/\" target=\"_blank\" rel=\"noopener noreferrer\">SIEM Buyer\u2019s Guide<\/a>.\u00a0\u00a0<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>What does it mean to change your SIEM solution from reactive to proactive? How does threat hunting help that transition in business cybersecurity and SIEM?\u00a0 SIEM provides critical capabilities to organizations\u2019 cybersecurity policies. 
In fact, it offers the power of effective log management; this collects security events from disparate network locations and compiles them in [&hellip;]<\/p>\n","protected":false},"author":41,"featured_media":2895,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[551,1],"tags":[353,95,112,86,1324,1325,21,57,22,347,373],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Changing SIEM From Reactive to Proactive with Threat Hunting<\/title>\n<meta name=\"description\" content=\"What does it mean to change your SIEM solution from reactive to proactive? How does threat hunting help that transition in business cybersecurity and SIEM?\u00a0\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/security-information-event-management\/changing-siem-from-reactive-to-proactive-with-threat-hunting\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Changing SIEM From Reactive to Proactive with Threat Hunting\" \/>\n<meta property=\"og:description\" content=\"What does it mean to change your SIEM solution from reactive to proactive? 
How does threat hunting help that transition in business cybersecurity and SIEM?\u00a0\" \/>\n<meta property=\"og:url\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/changing-siem-from-reactive-to-proactive-with-threat-hunting\/\" \/>\n<meta property=\"og:site_name\" content=\"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors\" \/>\n<meta property=\"article:published_time\" content=\"2020-05-27T16:44:57+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-05-27T16:45:57+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/01\/SOAR-Automation.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"480\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Ben Canner\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ben Canner\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/changing-siem-from-reactive-to-proactive-with-threat-hunting\/\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/changing-siem-from-reactive-to-proactive-with-threat-hunting\/\",\"name\":\"Changing SIEM From Reactive to Proactive with Threat Hunting\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/changing-siem-from-reactive-to-proactive-with-threat-hunting\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/changing-siem-from-reactive-to-proactive-with-threat-hunting\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/01\/SOAR-Automation.jpg\",\"datePublished\":\"2020-05-27T16:44:57+00:00\",\"dateModified\":\"2020-05-27T16:45:57+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\"},\"description\":\"What does it mean to change your SIEM solution from reactive to proactive? 
How does threat hunting help that transition in business cybersecurity and SIEM?\u00a0\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/changing-siem-from-reactive-to-proactive-with-threat-hunting\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/security-information-event-management\/changing-siem-from-reactive-to-proactive-with-threat-hunting\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/changing-siem-from-reactive-to-proactive-with-threat-hunting\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/01\/SOAR-Automation.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/01\/SOAR-Automation.jpg\",\"width\":800,\"height\":480,\"caption\":\"More Expert Commentary and Coverage of the GetHealth Exposure\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/changing-siem-from-reactive-to-proactive-with-threat-hunting\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Changing SIEM From Reactive to Proactive with Threat Hunting\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\",\"name\":\"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors\",\"description\":\"Buyer&#039;s Guide and Best 
Practices\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\",\"name\":\"Ben Canner\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"caption\":\"Ben Canner\"},\"description\":\"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/author\/bcanner\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Changing SIEM From Reactive to Proactive with Threat Hunting","description":"What does it mean to change your SIEM solution from reactive to proactive? 
How does threat hunting help that transition in business cybersecurity and SIEM?\u00a0","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/security-information-event-management\/changing-siem-from-reactive-to-proactive-with-threat-hunting\/","og_locale":"en_US","og_type":"article","og_title":"Changing SIEM From Reactive to Proactive with Threat Hunting","og_description":"What does it mean to change your SIEM solution from reactive to proactive? How does threat hunting help that transition in business cybersecurity and SIEM?\u00a0","og_url":"https:\/\/solutionsreview.com\/security-information-event-management\/changing-siem-from-reactive-to-proactive-with-threat-hunting\/","og_site_name":"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors","article_published_time":"2020-05-27T16:44:57+00:00","article_modified_time":"2020-05-27T16:45:57+00:00","og_image":[{"width":800,"height":480,"url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/01\/SOAR-Automation.jpg","type":"image\/jpeg"}],"author":"Ben Canner","twitter_misc":{"Written by":"Ben Canner","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/changing-siem-from-reactive-to-proactive-with-threat-hunting\/","url":"https:\/\/solutionsreview.com\/security-information-event-management\/changing-siem-from-reactive-to-proactive-with-threat-hunting\/","name":"Changing SIEM From Reactive to Proactive with Threat Hunting","isPartOf":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/changing-siem-from-reactive-to-proactive-with-threat-hunting\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/changing-siem-from-reactive-to-proactive-with-threat-hunting\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/01\/SOAR-Automation.jpg","datePublished":"2020-05-27T16:44:57+00:00","dateModified":"2020-05-27T16:45:57+00:00","author":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541"},"description":"What does it mean to change your SIEM solution from reactive to proactive? 
How does threat hunting help that transition in business cybersecurity and SIEM?\u00a0","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/changing-siem-from-reactive-to-proactive-with-threat-hunting\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/security-information-event-management\/changing-siem-from-reactive-to-proactive-with-threat-hunting\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/changing-siem-from-reactive-to-proactive-with-threat-hunting\/#primaryimage","url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/01\/SOAR-Automation.jpg","contentUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/01\/SOAR-Automation.jpg","width":800,"height":480,"caption":"More Expert Commentary and Coverage of the GetHealth Exposure"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/changing-siem-from-reactive-to-proactive-with-threat-hunting\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/security-information-event-management\/"},{"@type":"ListItem","position":2,"name":"Changing SIEM From Reactive to Proactive with Threat Hunting"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website","url":"https:\/\/solutionsreview.com\/security-information-event-management\/","name":"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors","description":"Buyer&#039;s Guide and Best 
Practices","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541","name":"Ben Canner","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","caption":"Ben Canner"},"description":"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. 
You can reach him via Twitter and LinkedIn.","url":"https:\/\/solutionsreview.com\/security-information-event-management\/author\/bcanner\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/3033"}],"collection":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/users\/41"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/comments?post=3033"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/3033\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media\/2895"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media?parent=3033"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/categories?post=3033"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/tags?post=3033"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}