
Using threat hunting techniques to fend off cyber attacks

With data breaches making the news ever more frequently, businesses are on the lookout for new ways to identify and guard against threats.

Cyber threat intelligence company DomainTools has released the results of a new survey conducted by the SANS Institute on the effectiveness of using threat hunting to aggressively track and eliminate cyber adversaries as early as possible.

According to the survey, adopters of this model reported positive results, with 74 per cent citing reduced attack surfaces, 59 per cent experiencing faster speed and accuracy of responses, and 52 per cent finding previously undetected threats in their networks.

"With cyberattacks increasing exponentially each year, it's no surprise enterprises are attracted to threat hunting as a proactive multi-layered approach to discovering and mitigating cyber threats as early as possible," says Tim Chen, CEO of DomainTools. "As the findings note, successful threat hunting isn't necessarily about overhauling an existing cybersecurity program, it's about using the third-party data and technologies that most organisations already possess in order to maximise the chances of proactively finding, attributing and eliminating an adversary before the damage is done".

Though it's a relatively new approach to the early identification of cyber threats, 85 per cent of enterprises say they are currently involved with some level of threat hunting. There are barriers to using the technique effectively, though: 40 per cent cite the need for a formal program and 52 per cent a lack of skilled staff.

The top seven data sets that support threat hunting are IP addresses, network artifacts and patterns, DNS activity, host artifacts and patterns, file monitoring, user behaviour and analytics, and software baseline monitoring. The most common trigger for launching a hunt, according to 86 per cent of respondents, is an anomaly or anything that deviates from normal network behaviour.

However, the survey also reveals that only 23 per cent of businesses have hunting processes that are invisible to attackers, meaning that the majority of organisations are at risk of exposing internal hunting procedures in a way that benefits the attacker.

You can learn more in the full report, which is available from the DomainTools website.
