Threat hunting
Threat hunting is the process of seeking out adversaries before they can successfully execute an attack. The concept of hunting for threats is not new, but many organizations are putting an increased emphasis on programmatic threat hunting in recent times due to malicious actors’ increasing ability to evade traditional detection methods.
This approach differs from many prevention- or detection-based security methods. It is a proactive technique that combines security tools, analytics, and threat intelligence with human analysis and instinct. It`s process typically starts with a hypothesis, developed through a security alert, risk assessment, penetration test, external intelligence, or some other discovery of anomalous activity, that a threat is present in your systems. Threat hunters will explore and test these hypotheses through a variety of investigative, analytical, or offensive activities, searching for latent threats that have not yet triggered detection.
The Current State : Benefits and Challenges
Some this progress techniques have been in practice for years, but this process as a dedicated component of enterprise information security programs is still an emerging trend. As a result, it`s programs and maturity levels can vary greatly from business to business. The SANS Institute conducted a survey on the current state of organizational threat hunting efforts and found that the majority of respondents reported success from their threat hunting programs. 75 percent of respondents stated that they reduced their attack surface by taking on a more aggressive stance with this progress, and 59 percent believed that it enhanced the speed and accuracy of their company’s incident response. All in all, 52 percent reported finding previously undetected threats via threat hunting.
However, the SANS survey also found that this emerging discipline still has a long way to come in many organizations. Four out of ten of those who responded to the survey didn’t even have a formal threat hunting program in place within their organizations and 88 percent felt that their threat hunting programs need improvements. In addition, 53 percent believed that their process was not sufficiently hidden from their adversaries, and 56 percent reported that they’re unsatisfied with the time required to hunt for threats.
