The Gamer Theory of Threat Hunting

July 12, 2018 | Kris Palmer

Teamwork. Determination. Satisfaction. Video gaming missions provide us with an escape from reality that is often viewed as simple and relaxing. However, the dedication required to conquer these complex missions goes largely unnoticed. The copious, and often draining, amounts of effort and cooperation applied to these missions is rewarded by overcoming the obstacles and completing the challenge. The teamwork, determination, and satisfaction of gaming missions are characteristics also visible in a unique approach of defense in the cybersecurity industry—threat hunting.

As hackers continue to bypass perimeter defense strategies, many organizations are shifting to iterative hunting exercises supported by threat intelligence operations. Threat hunting is based on the hypothesis that threats are actively adapting to and eluding defenses. The similarities that can be drawn between threat hunting and video gaming stem from the nature of their task: overcome obstacles to achieve an objective.

In gaming missions, the difficulty of each challenge is fixed in the program and largely remains unchanged. With repetition, a player only gets better and more likely to succeed. Similarly, individual threat actors often reuse the same set of proven techniques over time. By creating an iterative hunting process backed by a threat intelligence ecosystem, hunters improve both the speed and the success rate of their threat response.

Still, the dynamic nature of threat actors makes hunting different from gaming where difficulty is concerned. Threat hunters are tasked with identifying changes in attack trends and subsequently building threat model profiles of the entities they encounter. While more static in nature, gaming missions require similar planning and collaboration between team members in order to achieve their goal.

Ultimately, the comparison between video gaming and threat hunting highlights their substantial correlation. Both require teamwork, determination, and ample effort in order to achieve an objective. All of this effort and coordination toward overcoming obstacles, from difficult levels to elusive threats, is rewarded with the satisfaction of success. For more information on this unique approach to cybersecurity and why we call it “hunt gaming,” check out my whitepaper, The Gamer Theory of Threat Hunting: A Unique Approach.

About the Author

Kris Palmer

Kris Palmer is currently a principal security engineer at Anomali. Prior to joining Anomali, Kris filled multiple roles at HP/ArcSight, first as a PS consultant in 2010 and then as a Solution Architect on the ArcSight global SIEM team in the Security Services SOC division of HP Enterprise. From 2006-2010 he was a security and software engineer in the Raytheon IIS division, working with intelligence weapon systems. He served six years in the US Air Force working with various classified C2 and intelligence systems and networks, including telecom/SATCOM systems. Kris studied at the University of Texas at Austin for part of his undergraduate degree in computer science and also holds a master's in business administration from the University of Phoenix.