Threat hunting technique helps fend off cyber attacks
With data breaches making the news ever more frequently, businesses are on the look out for new ways to identify and guard against threats.
Cyber threat intelligence company DomainTools has released the results of a new survey conducted by the SANS Institute on the effectiveness of using threat hunting to aggressively track and eliminate cyber adversaries as early as possible.
According to the survey, adopters of this model reported positive results, with 74 percent citing reduced attack surfaces, 59 percent experiencing faster speed and accuracy of responses, and 52 percent finding previously undetected threats in their networks.
"With cyberattacks increasing exponentially each year, it's no surprise enterprises are attracted to threat hunting as a proactive multi-layered approach to discovering and mitigating cyber threats as early as possible," says Tim Chen, CEO of DomainTools. "As the findings note, successful threat hunting isn't necessarily about overhauling an existing cybersecurity program, it's about using the third-party data and technologies that most organizations already possess in order to maximize the chances of proactively finding, attributing and eliminating an adversary before the damage is done".
Though it's a relatively new approach to the early identification of cyber threats, 85 percent of enterprises say they are currently involved with some level of threat hunting. There are barriers to using the technique effectively though, 40 percent cite the need for a formal program and 52 percent a lack of skilled staff.
The top seven data sets that support threat hunting are IP addresses, network artifacts and patterns, DNS activity, host artifacts and patterns, file monitoring, user behavior and analytics, and software baseline monitoring. The most common trigger for launching a hunt is an anomaly or anything that deviates from normal network behavior according to 86 percent of respondents.
However, the survey also reveals that only 23 percent of businesses have hunting processes that are invisible to attackers, meaning that the majority of organizations are at risk from exposing internal hunting procedures in a way that benefits the attacker.
You can learn more in the full report which is available from the DomainTools website.