Threat Hunters Strike Back: Results of SANS Survey Release

Hunting still maturing and mostly ad-hoc, but those who hunt report improvements in security and response

BETHESDA, Md., April 17, 2017 /PRNewswire-USNewswire/ — Threat hunting is becoming an integral part of defensive activities in larger enterprises or those that have been heavily targeted in the past, according to a new SANS Survey. Yet, findings also show that threat hunting is still an immature practice that relies mostly on human intuition to conduct the searches.

SANS defines threat hunting as a focused and iterative approach to search out, identify and understand adversaries that have entered the defender's networks. Hunting should be proactive, yet 43% of respondents say their hunts are triggered by an event or a hunch, and 5% of respondents don't know what triggers their hunts. The remainder are either monitoring continuously (which SANS recommends) or on a regular schedule, such as once a week.

“Threat Hunting is new to most organizations and demonstrates that it has had a positive effect on reducing attacker dwell time for those organizations that conduct hunts regularly,” says the survey's author, Rob Lee, SANS fellow and curriculum lead author for the SANS Incident Response and Forensics training courses.

In the survey, 60% of those who hunt for threats reported measurable improvements in their InfoSec programs based on their hunting efforts, and 91% report improvements in speed and accuracy of response.

Staffing and skills remain problematic for organizations trying to fill threat hunting positions, with only 31% of organizations designating a program for threat hunting with assigned staff. Log analysis, knowledge of the network, threat analysis, incident response and forensics are all sought-after skills for developing threat hunting programs.

Both skills and tools also need to mature, according to respondents: to improve data searches, connect the dots between information sources, and investigate and conduct the hunts.

“The survey benefits our industry by showing that most organizations are new to hunting efforts,” Lee concludes. “It is also a gut check for those organizations not yet starting to incorporate hunting into their security operations.”

Results will be discussed at the SANS Threat Hunting and Incident Response Summit, April 18-19 in New Orleans. Link here: www.sans.org/u/rhu

Following the summit, full results of the survey will be shared during a two-part webcast aired live Wednesday, April 26 and Thursday, April 27 at 1 PM EDT. The webcasts, hosted by SANS, are sponsored by Anomali, DomainTools, Malwarebytes, Rapid7, Sqrrl and ThreatConnect. Register to attend the webcasts at www.sans.org/u/rhk and www.sans.org/u/rhp.

Those who attend the webcasts receive early access to the associated whitepaper, which will be posted and available at www.sans.org/reading-room/whitepapers/analyst after the live webcasts.

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest provider of training and certification to professionals at governments and commercial institutions world-wide. Renowned SANS instructors teach over 50 different courses at more than 200 live cyber security training events as well as online. GIAC, an affiliate of the SANS Institute, validates employee qualifications via 30 hands-on, technical certifications in information security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master's degrees in cyber security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system–the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (www.SANS.org)
