Taking a proactive approach to cybersecurity is critical for Federal agencies in this robust and complex digital landscape. One way to do this is through threat hunting, which involves actively searching for and identifying threats that may have evaded traditional security measures. However, threat hunters often struggle to “show value” to the broader organization. This can be attributed to a few common reasons: 

“We didn’t find anything”: Threat hunters, by definition, are hunting for cyber threats assumed to be in the environment. However, assumptions are just that – there is no way to know if an adversary has bypassed your security measures until you hunt for them and prove it. Despite this, some may mistakenly assume their threat hunters are ineffective simply because they did not find evidence of an APT during every hunt. 

Intangible Nature of Prevention: Prevention is often seen as the primary goal of cybersecurity efforts. Threat hunting, however, is more about identifying and mitigating threats that have already penetrated defenses or are evading detection. This proactive approach can be harder to quantify in terms of direct ROI compared to traditional security measures like firewalls or antivirus software.

Resource Intensiveness: Effective threat hunting requires skilled analysts, advanced tools, and substantial resources. Organizations may struggle to justify the investment in threat hunting activities, especially if they don’t see immediate or tangible results. 

Ultimately, showing value in threat hunting can be done through effective, precise communication and training your threat hunters to be better observers while hunting. Threat hunters must answer three things:  

With a properly scoped hunt hypothesis, sound hunt analytics, and reliable data, threat hunters can confidently report their findings. Most times threat hunters will not find evidence of the targeted APT in the environment – and that is understandable. The importance of this outcome is that it “proves the negative” or guarantees that based on the hunt scope and criteria, the threat hunt team can definitively claim that evidence of the targeted APT was not found. Proving the negative can also provide insights into where the organization’s defenses are strong and effective. 

During a threat hunt, hunters will encounter numerous security gaps. Misconfigurations, unpatched systems, inadequate access controls, shadow IT, lack of security visibility, weak authentication mechanisms, anomalous behaviors, and even insider threats are all security gaps threat hunters commonly observe. A good threat hunting team will make these observations — a great one will log them, report them, and recommend controls or other remediations to close said gaps. Communicating these observations effectively enables improved security posture, making it more difficult for attackers to penetrate cyber defenses in the future. 

At Edgewater, we recently hunted APT29 (a.k.a. Midnight Blizzard) for one of our federal clients. This hunt focused on discovering evidence of Midnight Blizzard exploiting accounts within the client’s development and production cloud tenants. While we did observe several accounts with unusual authentication activity and a few high-risk cloud applications that had high permission level access, thankfully, we were able to prove the negative and definitively claim that Midnight Blizzard had not compromised our client’s information. Additionally, Edgewater’s experts provided detailed recommendations to the client to improve their cloud account password spraying detection capabilities using machine learning, and that they immediately enable and enforce MFA on all accounts in their development cloud tenants. 

At Edgewater, our team of experts works together to review the data, share insights, and develop strategies for improving our Federal client’s security posture. We take this responsibility seriously and are committed to using the insights we gain to improve defenses and protect the missions of the Federal agencies we serve.  

Back to All News

Further Reading

The Digital Battlefront – Utilizing Purple Teaming to Uncover Cybersecurity Gaps

In today’s rapidly evolving cyber threat landscape, the traditional approach of having separate offensive and defensive security teams is no […]

The Digital Battlefront – How Threat Hunting Reports Shape Cyber Defense 

Taking a proactive approach to cybersecurity is critical for Federal agencies in this robust and complex digital landscape. One way […]

Edgewater Elevates Rodger Jones to President

FREDERICK, Md. (May 1, 2024) — Today, Edgewater Federal Solutions, Inc. (Edgewater) announces that Rodger Jones has been promoted to […]

Edgewater Awarded EIA EOP V IDIQ

FREDERICK, Md. (April 18, 2024) — Edgewater Federal Solutions, Inc. (Edgewater), a leading IT services federal contractor, announces that it […]

Edgewater Promotes Hank Jackson to COO 

FREDERICK, Md. (April 16, 2024) — Edgewater Federal Solutions, Inc. (Edgewater) proudly promotes Hank Jackson to Chief Operating Officer (COO), […]

Edgewater Taps Shaun Poulton as the Company’s next CTO

FREDERICK, Md. (April 8, 2024) — Edgewater Federal Solutions, Inc. (Edgewater) announces that Shaun Poulton will head the company’s technology […]

The Digital Battlefront – The Need for a Quick Response against State-Sponsored Cyber Attacks 

In today’s digital age, cyber threats are constantly evolving, and Federal agencies are particularly vulnerable to attacks by State-sponsored advanced […]

Edgewater Promotes Brian Carr to CFO 

FREDERICK, Md. (April 1, 2024) — Edgewater Federal Solutions, Inc. (Edgewater) is pleased to announce the promotion of Brian Carr […]

The Digital Battlefront – Is your Agency Prepared for a State-Sponsored Cyber Attack?

State-sponsored advanced persistent threats (APTs) are becoming more emboldened in their cyber attacks. With significant resources at their disposal, including […]

Edgewater Ranks No. 73 on Inc. Magazine’s List of the Mid-Atlantic Region’s Fastest-Growing Private Companies 

Frederick, Md. (February 27, 2024) – Inc. magazine today revealed that Edgewater Federal Solutions, Inc. is No. 73 on its […]

Our People…Your Edge

We didn’t create our outstanding team by accident.

Our advantage comes from a consistent focus on attracting highly talented and dedicated people – and a commitment to honoring and empowering them so that they stay. With meaningful work and industry-leading training, compensation, and benefits, Edgewater careers are enviable so that our people are our edge.

They’ve gone above and beyond my expectations of a company.  They recognize me as a valuable person, not just an employee.  They recognize and reward people for outstanding performance, and let us know we’re an important part of the team by sending personal notes on birthdays and anniversaries.

- David Stubblefield