Monthly Archives: May 2016
In April, the SANS Institute published the results of the first threat hunting survey to date. The results were gathered from 464 security practitioners in a variety of fields (including financial, cybersecurity, defense contracting, and government organizations) on threat hunting and the role it plays in their security infrastructure. The survey sought to determine if and how organizations are currently hunting, how they feel about their present hunting maturity, and what they have planned for increasing their hunting capabilities in the future. The survey results come at a critical time – today, companies are starting to realize what SANS calls the “three absolute facts” of security: 1) companies cannot prevent every attack; 2) an organization’s network will, at some point, be compromised; and 3) 100% security simply does not exist. It’s imperative, then, that companies try to ramp up their detection capabilities as much as possible to minimize the impact and severity of inevitable cyber attacks.
In part 1 of this series, we outlined the current state of cyber threat hunting as it was profiled in SANS’s recent survey of 464 companies on the handling of proactive cyber threat detection. In this section, we’ll discuss specifically what types of hunting practices these companies use to track and remove threats in their systems, and we will take a look ahead to see how threat hunting will continue to grow in the future.
Talk to anyone in the DFIR Illuminati and one of the topics that always comes up is Hunting. Much like threat intelligence & string theory, people talk a lot about this, but nearly no one knows what it actually means.