Cybersecurity Threat Hunting Explained
In this video Jeff shows how threat hunting works, what data security analysts use, and what tools aggregate that data and accelerate the time to containment.
According to the Ponemon Institute, it takes about 200 days on average to identify that your environment has been breached, and another 70 days to contain the breach.
Threat hunting is one way to try to minimize that time and prevent breaches before they happen.
As IBM explains here, threat hunting is important because sophisticated threats can get past automated cybersecurity. Although automated security tools and tier 1 and 2 security operations center (SOC) analysts should be able to deal with roughly 80% of threats, you still need to worry about the remaining 20%.
The remaining 20% of threats are more likely to include sophisticated threats that can cause significant damage. Given enough time and resources, they will break into any network and, on average, avoid detection for about 280 days. Effective threat hunting helps reduce the time from intrusion to discovery, limiting the amount of damage attackers can do.
Attackers often lurk for weeks, or even months, before discovery. They wait patiently to siphon off data and uncover enough confidential information or credentials to unlock further access, setting the stage for a significant data breach.
How much damage can potential threats cause? According to the Cost of a Data Breach report, a data breach costs a company almost USD 4 million on average, and the harmful effects of a breach can linger for years. The longer the time between the initial compromise and the response, the more it costs an organization.