Given the insidious nature of advanced threats, it’s almost a certainty that every organization of any size will eventually be hacked or compromised, regardless of what or how many cybersecurity defenses are in place. In response, the somewhat new concept of threat hunting is becoming an increasingly important part of cybersecurity defenses.
But true threat hunters are rare, even compared with the shortage of other IT workers and cybersecurity personnel. Threat hunters are trained to look at a variety of factors within a network, from traffic and DNS records to SIEM reports and almost everything else. The best hunters examine that data to come up with hunches about things that don’t quite feel right. They then set out to track down and uncover threats within their network that may have eluded other analysts and security programs.
We have reviewed quite a few threat hunting programs in the past. However, almost all of them were designed as tools to help threat hunters do their jobs. The problem is that this requires organizations to have threat hunters in the first place. Otherwise, it’s like handing a sleek new rifle to someone who has never shot a gun before and sending them off into the woods with the expectation that they will bring back dinner.
Read the entire review, only at CSO Magazine.