What Exactly is Threat Hunting – and Why Does it Matter?
Naturally, we all want to detect every threat to our network as soon as it manifests itself. That’s why we spend a ton of money every year on tools that detect things automatically.
But what do we do when automatic detection isn’t enough? Perhaps there’s a new attack that doesn’t yet have a detection signature, or maybe the threat you’re after can’t really be found using traditional detection methods. Are the tools you use less effective than you assumed they were? Do they struggle to keep up with the evolution of attacker techniques?
These scenarios are great examples of where threat hunting comes into play. With hunting, you send your most experienced analysts into the unknown, searching for threats that the machines failed to find. You send your most experienced because, to be successful, the hunter is going to need to know how to coax data out of your toolset. They’re also going to need an intimate knowledge of different types of malware, exploits and network protocols to navigate that vast heap of data consisting of logs, metadata and PCAP.
Dig Deeper with These Resources
Real World Incidents Detected and Stopped by Awake
Organizations across industries use Awake every day to identify and stop modern threats from both internal and…
EMA Top 3 Report and Decision Guide for Security Analytics
This Enterprise Management Associates (EMA) report identifies the leading priorities organizations face with resolving challenges and meeting…