In 2016, three absolute facts are relevant when it comes to security:
- An organization cannot prevent all attacks
- An organization’s network is going to be compromised
- 100% security does not exist
This means that adversaries will breach your organization’s protection—if they haven’t already. The goal of security, then, is not just to stop adversaries, but also to control and minimize the overall damage from an incursion. The main method for finding adversaries already in our networks is threat hunting—an area on which security personnel are increasingly focusing their attention.
Responses from 494 participants to the first SANS survey on threat hunting reveal that many organizations are experiencing enough benefits from threat hunting to invest more in it. These and other results, along with advice and best practices for threat hunting, are provided in the following report.
You’ll learn about the importance of building a mature threat-hunting program by adopting the following goals:
- Provide early and accurate detection
- Control and reduce impact and damage with faster response
- Improve defenses to make successful attacks increasingly difficult
- Gain better visibility into the organization’s weaknesses