How Effective Is Threat Hunting For Organisations?
CXO Insight Middle East – Anthony Perridge
80% of respondents stated that attacks had become more sophisticated. However, respondents also said unequivocally that threat hunting was paying dividends and was increasingly being recognised for its value in identifying malicious actors already in the system. When asked "In the last 12 months, did your company's threat hunting achieve a goal of strengthening its defences against cyberattack, and did the threat hunting find malicious cyberattack activity you would not have ordinarily found?", 88% of respondents said they were using it as part of their cybersecurity strategy and that it was proving effective, with 86% saying it had strengthened their company's defences.

However, the SANS report found that many organisations were tacking threat hunting activities onto the incident responder's role. It tends to be beneficial to use incident responders when building up threat hunting operations, but over time the incident response-led approach should transform into a dedicated threat hunting team. The report also found that there does appear to be a significant gap in the use of automated tools to aid in the curation of useful and applicable threat intelligence, and that most threat hunters are not full-time threat hunters but split their time with other responsibilities. The trend of staffing threat hunting operations with incident responders and SOC analysts was also very prominent. While incident responders may be very familiar with the task of finding new, unknown threats, SOC analysts might have difficulty deviating from their routine of analysing alerts to actively searching for signs of a breach.
The report found that what threat hunters struggle with most are frequent context switches, as only a few respondents said that they never need to switch tools while doing their job. I found it surprising that half of the respondents said that they see no value in hunting for new or unknown threats, because uncovering unknown threats is one of the main arguments for threat hunting, while daily threats can be met by a SOC.
Link: https://www.cxoinsightme.com/opinions/how-effective-is-threat-hunting-for-organisations/