Threat hunting is the active search for “unknown unknowns,” the new and novel attack behaviors that current automated methods of prevention and detection do not catch. Studies show that, on average, it takes 10 days to detect an advanced threat, 39 days to mitigate it, and 43 days to recover from an advanced attack. The ability to block advanced threats improves each year, but we face adversaries who are determined and creative, and their techniques evolve just as quickly. It is very hard to defend against what you cannot see and understand using traditional security controls.
This raises a few questions:
- When prevention fails, what do we have left to protect our organizations?
- How can we discover gaps as fast as possible?