Taking a proactive approach to cybersecurity is critical for Federal agencies in this robust and complex digital landscape. One way to do this is through threat hunting, which involves actively searching for and identifying threats that may have evaded traditional security measures. However, threat hunters often struggle to “show value” to the broader organization. This can be attributed to a few common reasons: 

“We didn’t find anything”: Threat hunters, by definition, are hunting for cyber threats assumed to be in the environment. However, assumptions are just that – there is no way to know if an adversary has bypassed your security measures until you hunt for them and prove it. Despite this, some may mistakenly assume their threat hunters are ineffective simply because they did not find evidence of an APT during every hunt. 

Intangible Nature of Prevention: Prevention is often seen as the primary goal of cybersecurity efforts. Threat hunting, however, is more about identifying and mitigating threats that have already penetrated defenses or are evading detection. This proactive approach can be harder to quantify in terms of direct ROI compared to traditional security measures like firewalls or antivirus software.

Resource Intensiveness: Effective threat hunting requires skilled analysts, advanced tools, and substantial resources. Organizations may struggle to justify the investment in threat hunting activities, especially if they don’t see immediate or tangible results. 

Ultimately, showing value in threat hunting can be done through effective, precise communication and training your threat hunters to be better observers while hunting. Threat hunters must answer three things:  

With a properly scoped hunt hypothesis, sound hunt analytics, and reliable data, threat hunters can confidently report their findings. Most times threat hunters will not find evidence of the targeted APT in the environment – and that is understandable. The importance of this outcome is that it “proves the negative” or guarantees that based on the hunt scope and criteria, the threat hunt team can definitively claim that evidence of the targeted APT was not found. Proving the negative can also provide insights into where the organization’s defenses are strong and effective. 

During a threat hunt, hunters will encounter numerous security gaps. Misconfigurations, unpatched systems, inadequate access controls, shadow IT, lack of security visibility, weak authentication mechanisms, anomalous behaviors, and even insider threats are all security gaps threat hunters commonly observe. A good threat hunting team will make these observations — a great one will log them, report them, and recommend controls or other remediations to close said gaps. Communicating these observations effectively enables improved security posture, making it more difficult for attackers to penetrate cyber defenses in the future. 

At Edgewater, we recently hunted APT29 (a.k.a. Midnight Blizzard) for one of our federal clients. This hunt focused on discovering evidence of Midnight Blizzard exploiting accounts within the client’s development and production cloud tenants. While we did observe several accounts with unusual authentication activity and a few high-risk cloud applications that had high permission level access, thankfully, we were able to prove the negative and definitively claim that Midnight Blizzard had not compromised our client’s information. Additionally, Edgewater’s experts provided detailed recommendations to the client to improve their cloud account password spraying detection capabilities using machine learning, and that they immediately enable and enforce MFA on all accounts in their development cloud tenants. 

At Edgewater, our team of experts works together to review the data, share insights, and develop strategies for improving our Federal client’s security posture. We take this responsibility seriously and are committed to using the insights we gain to improve defenses and protect the missions of the Federal agencies we serve.  

Back to All News

Further Reading

Revolutionizing Data with AI-Driven Tagging 

In the ever-evolving data management landscape, quickly finding and relating information is paramount. By harnessing the power of open-source AI […]

Case Study: Hunting for Midnight Blizzard to Safeguard a Global Scientific Research Organization

Dangerous organizations are becoming more emboldened in their cyberattacks. Armed with an arsenal of powerful malware tools, expertise of their […]

Edgewater Named Elev8 GovCon Honoree for the 2nd Time

Frederick, Md. (October 8, 2024) – For the second year, Edgewater Federal Solutions, Inc. (Edgewater) is recognized as an OrangeSlices’ […]

Edgewater Federal Solutions to Be Featured on Trending Today on A&E

Frederick, MD – September 18, 2024 – Edgewater Federal Solutions, a leading provider of innovative IT and cyber solutions, is […]

For the 6th Time, Edgewater Makes the Inc. 5000  at No. 2297  

Frederick, Md. (August 13, 2024) – Inc. revealed today that Edgewater Federal Solutions, Inc. (Edgewater), a leading IT and cybersecurity […]

Edgewater Promotes Phillip Lopez to VP, General Manager

Frederick, Md. (August 8, 2024) – Today, Edgewater Federal Solutions, Inc. (Edgewater) proudly announces the promotion of Phillip Lopez to […]

Edgewater Promotes Chris Christianson to CISO 

Frederick, Md. (June 26, 2024) — Today, Edgewater Federal Solutions, Inc. (Edgewater) announces that Chris Christianson has been promoted to […]

For the 7th year, The Washington Post names Edgewater a 2024 Top Washington-area Workplace

Frederick, Md. (June 21, 2024) – Edgewater Federal Solutions, Inc. (Edgewater), a leading technology and cybersecurity federal contractor, has been […]

The Digital Battlefront – Utilizing Purple Teaming to Uncover Cybersecurity Gaps

In today’s rapidly evolving cyber threat landscape, the traditional approach of having separate offensive and defensive security teams is no […]

The Digital Battlefront – How Threat Hunting Reports Shape Cyber Defense 

Taking a proactive approach to cybersecurity is critical for Federal agencies in this robust and complex digital landscape. One way […]

Our People…Your Edge

We didn’t create our outstanding team by accident.

Our advantage comes from a consistent focus on attracting highly talented and dedicated people – and a commitment to honoring and empowering them so that they stay. With meaningful work and industry-leading training, compensation, and benefits, Edgewater careers are enviable so that our people are our edge.

I have been working at Edgewater as a Configuration Manager for over 5 years. The job has been challenging, rewarding and has provided an environment for professional growth. As an on-sight contractor, I have been working with a team of seasoned professionals who have provided both technical expertise and a warm friendly environment.

- Barry Cohen