Top 3 reasons for a Cyber Threat Hunting Solution

Ransomware | LewisR | April 24, 2019

Background

There are three key reasons for why threat hunting should be explicitly
included in the definition of detection processes:

First, threat hunting is distinct from automated detection. Automated
detection mechanisms, such as firewalls, IDS/IPS, SIEMs, and newer
advanced analytic tools continuously run in the background firing off alerts
using heuristics, matching algorithms, and statistical models. Threat
hunting, on the other hand, is a human-driven process that is designed to
look for the threats that automated systems miss. Hunters are
continuously innovating and adapting to new attacker techniques, and
often detecting attacks that sit in the gaps of automated systems.
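To make the distinction concrete, here is an added example that is not part of the original post: a signature-style "automated" check beside a simple hypothesis-driven hunt, both run over a handful of constructed process-creation events (invented for this illustration, loosely modelled on the fields a Sysmon-style log carries). The signature list, the event data and the hunt hypothesis (a parent/child process pairing seen only once across the fleet deserves a look) are all assumptions made for the example, not content from the post.

```python
from collections import Counter

# Constructed sample process-creation events (invented for this example;
# field names are modelled on a Sysmon-style log, nothing here is real data).
EVENTS = [
    {"host": "ws01", "parent": "explorer.exe", "image": "chrome.exe",     "cmdline": "chrome.exe --profile-directory=Default"},
    {"host": "ws02", "parent": "explorer.exe", "image": "chrome.exe",     "cmdline": "chrome.exe"},
    {"host": "ws03", "parent": "explorer.exe", "image": "chrome.exe",     "cmdline": "chrome.exe"},
    {"host": "ws01", "parent": "outlook.exe",  "image": "excel.exe",      "cmdline": "excel.exe /e"},
    {"host": "ws04", "parent": "outlook.exe",  "image": "excel.exe",      "cmdline": "excel.exe /e"},
    {"host": "ws05", "parent": "services.exe", "image": "svchost.exe",    "cmdline": "svchost.exe -k netsvcs"},
    {"host": "ws06", "parent": "services.exe", "image": "svchost.exe",    "cmdline": "svchost.exe -k netsvcs"},
    # A well-known tool name in the command line: a signature catches this one.
    {"host": "ws07", "parent": "explorer.exe", "image": "mimikatz.exe",   "cmdline": "mimikatz.exe"},
    # A word processor spawning a shell: no signature string matches, but the
    # pairing is unusual for this fleet, so a hunt surfaces it.
    {"host": "ws08", "parent": "winword.exe",  "image": "powershell.exe", "cmdline": "powershell.exe -NoProfile"},
]

# Automated layer: the "matching algorithms" the post mentions, reduced to a
# list of known-bad substrings (assumed for the example).
SIGNATURES = ["mimikatz", "psexec"]


def automated_detect(events):
    """Return events whose command line matches a known-bad signature."""
    return [e for e in events
            if any(sig in e["cmdline"].lower() for sig in SIGNATURES)]


def hunt_rare_parent_child(events, max_seen=1):
    """Hypothesis-driven hunt: flag parent->child process pairings that occur
    at most `max_seen` times across the whole data set. No signature is
    involved; the analyst's hypothesis is that rare pairings merit review."""
    counts = Counter((e["parent"], e["image"]) for e in events)
    return [e for e in events if counts[(e["parent"], e["image"])] <= max_seen]


def hunt_gap(events):
    """Events the hunt surfaced that the automated layer did not alert on:
    the 'gaps of automated systems' the post refers to."""
    alerted_hosts = {e["host"] for e in automated_detect(events)}
    return [e for e in hunt_rare_parent_child(events)
            if e["host"] not in alerted_hosts]


if __name__ == "__main__":
    for e in hunt_gap(EVENTS):
        print(f"hunt-only finding on {e['host']}: "
              f"{e['parent']} -> {e['image']} ({e['cmdline']})")
```

Run as written, the signature check alerts only on the ws07 event, while the rare-pairing hunt returns both ws07 and ws08; the ws08 event is the one only the hunt finds. In practice the baseline would be built from days or weeks of fleet-wide data rather than nine records, and each hunt finding is a lead for an analyst to triage, not an alert in itself.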

The second reason for this explicit inclusion is that threat hunting is one of
the fastest-growing trends in cyber security and is rapidly becoming a
security staple for SOCs. In a recent industry study, 86% of security
professionals stated that their firms engaged in some form of threat
hunting. This number is likely to continue to rise as the industry
standardizes detection methodologies which best incorporate automated
and human-driven detection. Additionally, a 2017 Information Security
Community study found that 79% of information security staff feel that
threat hunting should or will be their top priority in the upcoming year.
Gartner (a top IT research and advisory firm) is also currently
developing research to solidify threat hunting as one of the key functions
of a SOC.

Finally, threat hunting is critical to improving the efficiency and operational
effectiveness of modern SOCs. The value from manual hunts derives from
the fact that automated detection systems cannot catch 100 percent of
attacks. Instead of just being focused on one or two steps of the attack kill
chain (see the kill chain figure below), hunters are able to identify intruders at any stage of an
attack. Threat hunting allows analysts to mitigate the effect of breaches by
identifying them before adversaries are able to act upon their objectives.
In a survey of 494 organizations conducted by the SANS Institute, 52% of
respondents said that hunting techniques had found previously undetected
threats on their enterprise. Additionally, 74% of respondents stated that
threat hunting reduced their attack surfaces and 59% stated that threat
hunting improved the speed and accuracy of their responses to threats.


[Figure: cyber threat kill chain]

Written by: LewisR
