Security Information Event Management (SIEM) tools have been around for quite some time. SIEMs are great for aggregating log files, parsing them, and using real-time correlation rules to spot security incidents. But more advanced incidents can evade detection by your SIEM. Finding those evasive threats becomes a lot easier if you employ threat hunting.
Threat hunting is the proactive and iterative approach to detecting cyber adversaries that have evaded detection or proper prioritization by existing cyber defenses. It is also a continuous process; it never ends. Rather than wait for alerts to come to you, threat hunting platforms go out and look for the threats that have slipped past your other defenses.
Threat hunting is also a key trend for next generation security operation centers (SOCs). Gone are the days when a SOC could be built just around alert triage. Proactive threat hunting complements your SIEM and other investments for a powerful, layered defense.
Yet while threat hunting is top-of-mind, there’s still a need for improved tools and methods.
According to a 2016 SANS Institute survey, 86% of those security practitioners surveyed said they are actively involved in threat hunting (albeit basic). Yet, 88% say their threat hunting programs need to be improved and 56% are dissatisfied with how long it takes them to hunt for threats.
Check out this upcoming webinar on January 5th, 2017. Hosted by DLT and Sqrrl, you’ll learn how you can supercharge your SIEM with threat hunting.
Even if you’re doing some basic threat hunting today, you’ll learn how your agency can leverage a threat hunting platform to simplify and automate the hunt, so that your average security analyst can detect and respond to sophisticated attacks and overcome the blind spots in your SIEM.