Security professionals are in a fight every day to track down criminals who would disrupt governments, businesses, institutions, and lives. Attackers nearly always have the element of surprise in their favor. But is there a way to turn the tables on these digital thieves? Can we learn how to disrupt the disruptors? New evidence shows that, as security operations teams add proactive threat hunting capabilities and mature their security infrastructure with an automated and analytics-driven approach, they can begin to throw the attackers off their footing. A study of more than 700 IT and security professionals around the world provides some useful insights and lessons for organizations that are looking to better understand and enhance their threat hunting capabilities. Threat hunting is loosely defined in practice, and most organizations believe they have threat hunters, though many lack formal programs and prioritize other activities over hunting.
The most mature threat hunting organizations are substantially more effective
Automation and analytics are necessary and available
It is not just about what tools you buy
Use of threat intelligence significantly affects results
Customization and optimization is critical