Organizations Are Finding Threats More Effectively: Results of a SANS Survey
Scope of threat hunting is growing, while dwell time is shrinking
BETHESDA, Md., Sept. 4, 2018 /PRNewswire/ -- A new SANS survey finds that organizations are broadening the scope of their threat hunting efforts and that dwell times are decreasing. The survey, to be released in a two-part webcast on September 19 and September 20, also indicates that threat hunting is not so much "about rebranding what many defenders have endeavored to do over the years," according to SANS authors Robert M. Lee and Rob T. Lee. Instead, they say, threat hunting is now "about placing an appropriate, dedicated focus on the effort by analysts who purposely set out to identify and counteract adversaries who may already be in the environment."
The survey found 43% of respondents' organizations are now performing continuous threat hunting operations, which the authors consider a strong indicator that threat hunting is growing in scope and need. As they point out, "In 2017, the number was only 35%, which shows that many organizations are now adopting methodologies that are key to reducing adversaries' overall dwell time."
The authors are hopeful that, as more organizations perform threat hunting, dwell time will shorten even more in the coming years. They indicate that dwell time currently averages above 90 days, but "as recently as 2013, the average dwell time was over six months. The decline since then shows that the adoption of threat hunting and stronger analytical techniques have had a significant impact on reducing the overall dwell time of adversaries across most networks."
Full results will be shared during a two-part webcast. Part 1, covering prerequisites organizations should consider when preparing for a hunt, will be held on September 19 at 1 PM EDT. The Part 2 webcast, airing on September 20 at 1 PM EDT, will cover benefits and drawbacks of integrating with cyber threat intelligence (CTI). Both webcasts are sponsored by Anomali, DomainTools, IBM, Malwarebytes, Qualys, RiskIQ and hosted by SANS.
Register to attend the September 19 webcast at www.sans.org/webcasts/107450 and the September 20 webcast at www.sans.org/webcasts/107455.
Those who register for the webcast will also receive access to the published results paper developed by Robert M. Lee and Rob T. Lee.
Tweet This:
SANS Threat Hunting Survey | Scope of threat hunting is growing | Sept. 19 | www.sans.org/webcasts/107450
SANS Threat Hunting Survey | Threat hunting decreases dwell time | Sept. 20 | www.sans.org/webcasts/107455
Learn how the scope of threat hunting is growing, and why dwell time is shrinking | Part 1, www.sans.org/webcasts/107450 | Part 2, www.sans.org/webcasts/107455
About SANS Institute
The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals at governments and commercial institutions world-wide. Renowned SANS instructors teach over 60 different courses at more than 200 live cyber security training events as well as online. GIAC, an affiliate of the SANS Institute, validates a practitioner's qualifications via over 30 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master's degrees in cyber security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system--the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (www.SANS.org)
SOURCE SANS Institute
Related Links
WANT YOUR COMPANY'S NEWS FEATURED ON PRNEWSWIRE.COM?
Newsrooms &
Influencers
Digital Media
Outlets
Journalists
Opted In
Share this article