What is Cyber Threat Hunting?
Threat hunting is the practice of systematically and proactively looking for malicious cyber activity inside your organization’s network. It is a critical element in defending against cyber attacks, mitigating the impact of cyber incursions already inside your network, and establishing a complete approach to cyber resilience.
Importantly, effective cyber threat hunting cannot be achieved solely by deploying software and hardware technologies to scan for malicious code. We know this because cyber threat actors regularly penetrate and lurk within corporate networks for prolonged periods of time—over 200 days on average—before being detected.
In today’s fast-moving cyber environment, organizations need skilled and experienced cyber incident response professionals to serve as threat hunters who can leverage sophisticated tools and situation-specific methodologies to anticipate both known and unknown cyber threats.
When Should You Conduct a Threat Hunt?
It is always best practice to perform cyber threat hunts on an annual basis as part of your cyber resilience strategy. However, it is also important to perform targeted threat hunts when major changes take place in your environment or when uncertainty is identified. Examples of situations that may necessitate a threat hunt include:
Identification of a major vulnerability (such as Log4j) or breach (such as SolarWinds) on a critical asset or software your organization uses.
M&A activity, to ensure you are protected against “buying a breach.”
Periods of major system change, to ensure attackers don’t take advantage of disruption.
After a cyber event, to provide confidence to third parties that your organization hasn’t remained actively compromised.
Annual cyber resilience assessments, to check if your cyber strategy, controls and cyber risk mitigation processes are working as planned.