The SANS survey shows that there is great interest in hunting, but purpose-built hunting solutions are needed to make hunting simpler and more automated.
(PRWEB) April 20, 2016
Sqrrl, the security analytics company that enables organizations to target, hunt, and disrupt advanced cyber threats, today announced the results of a survey on threat hunting conducted with the SANS Institute and the publication of a new white paper on Threat Hunting Platforms (THPs).
Threat hunting is the process of proactively and iteratively searching through networks to detect and investigate advanced threats that evade existing detection tools. The threat hunting survey, which polled 494 security practitioners, found that more and more organizations are recognizing the benefits of threat hunting, and it is becoming a critical emerging trend in cybersecurity efforts.
Nearly 86% of organizations are involved in threat hunting today, and 52% of respondents say threat hunting has enabled them to find previously undetected threats in their enterprise. However, more than 40% do not have a formal threat hunting program in place and are still figuring out what a hunting program should look like, how to attract the right skills, and how to automate their processes. Additionally, 88% of respondents say their threat hunting programs need to be improved.
“Threat hunting is a proven method to find unknown cyber threats,” says Sqrrl CEO Mark Terenzoni. “The SANS survey shows that there is great interest in hunting, but purpose-built hunting solutions are needed to make hunting simpler and more automated.”
Concurrent with the publication of the survey results, Sqrrl has released a new white paper that defines the requirements for a THP. A THP is a unified solution that automates and simplifies much of the threat hunting process. A THP can speed up hunting adoption and help less experienced security analysts take on hunting missions. The key requirements of a THP, outlined in the white paper, include:
- Big Data storage and processing across diverse security, endpoint, and network datasets
- Out-of-the-box and customizable analytics and risk scoring with a focus on detecting adversary Tactics, Techniques, and Procedures (TTPs)
- Intuitive and visual exploration of data to investigate hunting hypotheses
- Collaboration workflows (i.e., pack hunting)
The white paper, which can be downloaded here, also illustrates how Sqrrl’s Threat Hunting Platform meets each of these requirements.
Sqrrl is the security analytics company that enables organizations to target, hunt, and disrupt advanced cyber threats. Sqrrl’s industry-leading threat detection and response platform unites threat hunting, behavioral analytics, and incident investigation capabilities in an integrated solution. Sqrrl’s unique platform approach enables security analysts to discover threats faster and reduces the time and resources required to investigate them. Learn more at sqrrl.com.
About SANS Institute
The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals at governments and commercial institutions worldwide. Renowned SANS instructors teach over 50 different courses at more than 200 live cyber security training events as well as online. GIAC, an affiliate of the SANS Institute, validates employee qualifications via 30 hands-on, technical certifications in information security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master's degrees in cyber security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system, the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (http://www.sans.org)