Threat hunting – what, why and how
While many organizations utilize cybersecurity solutions like endpoint protection platforms (EPP), around 10% of cyber threats – including new, unknown and evasive threats such as many types of ransomware – are capable of bypassing these defenses.
Threat hunting works on the assumption that although an organization’s existing security controls haven’t detected or reported anything, the organization has in fact been compromised and some kind of threat is already in the system.
Threat hunting then uses tools including endpoint detection and response (EDR) and clearly defined and structured processes to spot the telltale signs that a breach has occurred and identify it. Not only can this proactive, pre-emptive approach minimize the harm that can be inflicted by potentially extremely damaging human-driven attacks, it also helps to strengthen and validate security controls to better defend the organization in the future.
Download this whitepaper to explore what threat hunting is and what you need to be a successful threat hunter.