Threat Hunting: Open Season on the Adversary

The views expressed by analysts in their coverage of Carbon Black are those of the author and do not reflect the views of Carbon Black. Additionally, the information contained in their reports may not be correct or current. Carbon Black disavows any obligation to correct or to update the information contained in analyst reports.

In 2016, three absolute facts are relevant when it comes to security:

  1. An organization cannot prevent all attacks
  2. An organization’s network is going to be compromised
  3. 100% security does not exist

This means that adversaries will breach your organization’s protection—if they haven’t already. The goal of security, then, is not just about stopping adversaries, but also about controlling and minimizing the overall damage from an incursion. The main method for finding adversaries already in our networks is threat hunting—an area on which security personnel are increasingly focusing their attention.

Responses from 494 participants to the first SANS survey on threat hunting reveal that many organizations are experiencing enough benefits from threat hunting to make more of an investment in it. These and other results, along with advice and best practices for threat hunting, are provided in the following report.

You’ll learn about the importance of building a mature threat-hunting program by adopting the following goals:

  • Provide early and accurate detection
  • Control and reduce impact and damage with faster response
  • Improve defenses to make successful attacks increasingly difficult
  • Gain better visibility into the organization’s weaknesses