The Benefits and Challenges of Threat Hunting

Companies of all sizes and across every industry struggle to secure their networks and protect their data every day. When it comes to dealing with active threats, however, most of the effort is reactive: it revolves around response once a compromise has already occurred. Yet the 2018 Threat Hunting Report from Cybersecurity Insiders—sponsored by Alert Logic—shows that there is increasing momentum to be more proactive about security through threat hunting.

The purpose of any cybersecurity initiative is to protect network resources, applications, and data from compromise by internal or external attackers. Many advanced or sophisticated attacks are prolonged and patient, though. They are able to fly under the radar of normal security controls and threat detection while the attackers gain a foothold in the network and conduct reconnaissance to spread and find the most sensitive—or lucrative—assets to attack. By the time the attack triggers any alerts, it’s too late and the damage is done.

Go on the Offense with Your Security

Threat hunting puts security on the offense instead of just playing defense. Rather than just waiting for an attack to trip an alarm, threat hunting takes a comprehensive, holistic approach to proactively monitor for and identify suspicious or potentially malicious activity, so you can take action earlier and avoid—or at least minimize—the damage.

Cybersecurity Insiders surveyed more than 460 cybersecurity and IT professionals to learn more about the perceived threat landscape and how threat management is being addressed. The respondents represent roles from security analysts to IT managers to CISOs, ranging across various industries and regions.

More than half of those surveyed report that the rate of security threats has at least doubled over the previous year. More than half also indicated that the potential damage and impact of those security threats has at least doubled over the previous year. Nearly a quarter believe the severity is three or more times higher than the previous year. When you combine a higher frequency of attacks with a more significant impact, the result is an exponential increase in the overall risk organizations are facing.

Taking a proactive approach with threat hunting yields substantial benefits. According to the report, the top three objectives that organizations are focused on with their threat hunting programs are reducing exposure to external threats (56 percent), improving the speed and accuracy of threat response (52 percent), and reducing the number of breaches and infections (49 percent). Reducing the time to contain a threat and prevent it from spreading, reducing the overall attack surface, and reducing exposure to internal threats were close runners-up.

Challenges of Threat Hunting

Effective threat hunting requires around-the-clock monitoring and cybersecurity expertise, though—which is part of the challenge. Nearly 60 percent of the survey participants indicated that they are behind the curve or have very limited threat hunting capabilities when it comes to addressing emerging threats. Lack of budget is by far the most common reason given for why organizations don’t have a dedicated threat hunting platform in place. Budget constraints also contribute to why 43 percent named a lack of expert security staff to assist with threat mitigation as a top challenge.

Organizations want to go on the offense and be more proactive about security. Threat hunting is very effective and is gaining momentum, but there are challenges. One solution is to outsource threat hunting to Security-as-a-Service providers to get the expertise you need at a cost that won’t break your budget.

To learn more about the benefits and challenges of comprehensive, proactive threat hunting, see the full 2018 Threat Hunting Report.

About the Author

Tony Bradley - Senior Manager of Content Marketing for Alert Logic
Tony Bradley is Senior Manager of Content Marketing for Alert Logic. Tony worked in the trenches as a network administrator and security consultant before shifting to the marketing and writing side of things. He is an 11-time Microsoft MVP in security and cloud and has been a CISSP-ISSAP since 2002. Tony has authored or co-authored a dozen books on IT and IT security topics, and is a prolific contributor to online media sites such as Forbes and DevOps.com. He has established a reputation for effective content marketing, and building and engaging a community and social media audience.