In a world where millions of new cyberthreat signatures and viruses are
created each day, it might seem crazy to go looking for trouble. After all,
trouble will find you soon enough. Yet even with the best tools, organizations
only catch about 80 percent of all cyberthreats. It’s the other 20 percent
of cyberthreats — the minority of unknown and undetected threats — that
cause the majority of damage.
It’s the 20 percent of unknown/undetected cyberthreats that are responsible
for 80 percent of the damage caused by cyberattacks.
Smart organizations do more than react to security threats. They proactively
hunt for threats in their networks, endpoints and systems. Threat hunting has
become a security best practice in organizations around the world. As the name
implies, threat hunting isn’t a passive process, but a high-stakes hunt for
enemies that involves a unique mix of technology, intelligence, skill and intuition.
The security analysts who perform threat hunting are after big game: data
exfiltration schemes that sell private data to the highest bidder, the initial
files that launch ransomware attacks and hijack data systems, viruses that redirect
online traffic to copycat phishing sites, and the list goes on. During the hunt, time is
of the essence. The longer a threat lurks in your network, the more damage it causes.