A recent study, conducted in June 2023 by the CyberRisk Alliance Business Intelligence unit (CRA BI), gives clues to how most organizations use the threat intelligence they gather. According to a survey of 196 security professionals, vulnerability prioritization is the top use case for threat intelligence, with 70% of respondents naming it their top use. Sixty-five percent of those respondents also stated that they use threat intelligence to aid reactive incident response.
Proactive measures, on the other hand, ranked lower on the list of use cases, with 50% of respondents saying they use threat intelligence for threat hunting and just 46% saying they use it for advance warning of future attacks.
Threat hunting is the practice of proactively searching for cyber threats that are lurking undetected in a network. Cyber threat hunting digs deep to find malicious actors in your environment that have slipped past your initial endpoint security defenses. It involves looking beyond the known alerts or malicious threats to discover new potential threats and vulnerabilities. It is an essential component of any defense strategy and is becoming increasingly important as companies seek to stay ahead of the latest cyber threats and rapidly respond to any potential attacks.
Threat hunting means searching for possible cyber attacks, and it is usually done through manual analysis of data. Some common techniques used during threat hunting include: memory dumps, which are examined for signs of malicious activity in your system's memory; analyzing server images for threat activity; checking endpoint protection data for possible incidents; analyzing the disk images of individual workstations to see if anything raises a red flag; checking your network protection infrastructure for alerts or anomalous data points that may indicate the presence of a threat; searching; cluster analysis; grouping; and stack counting.
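Stack counting, the last technique listed above, can be shown in a few lines: count how often each value occurs across the environment and review the rarest ones first. The following is an added example, not code from the study or from UMBRA; the event layout, host names and thresholds are assumptions, and the sample telemetry is constructed.

```python
from collections import defaultdict

# Constructed sample telemetry: (host, parent process, child process).
HOSTS = ["ws01", "ws02", "ws03", "ws04", "ws05"]
COMMON = [
    ("explorer.exe", "chrome.exe"),
    ("explorer.exe", "outlook.exe"),
    ("services.exe", "svchost.exe"),
]
# Every host runs each common pair three times.
EVENTS = [(h, p, c) for h in HOSTS for (p, c) in COMMON for _ in range(3)]
# A pair seen on two hosts, and one seen a single time on a single host.
EVENTS += [
    ("ws02", "explorer.exe", "winword.exe"),
    ("ws04", "explorer.exe", "winword.exe"),
    ("ws03", "winword.exe", "powershell.exe"),
]


def stack_count(events, key=lambda e: (e[1], e[2])):
    """Stack events by key; return (value, total, host_count), rarest first."""
    totals = defaultdict(int)
    hosts = defaultdict(set)
    for event in events:
        value = key(event)
        totals[value] += 1
        hosts[value].add(event[0])
    rows = [(v, totals[v], len(hosts[v])) for v in totals]
    # Sort by host spread first: a value present on one machine out of
    # many is a better lead than one that is merely infrequent everywhere.
    return sorted(rows, key=lambda r: (r[2], r[1], r[0]))


def rare_stacks(events, max_hosts=1, max_count=2):
    """Return the stacks small enough to hand to an analyst for review."""
    return [r for r in stack_count(events)
            if r[2] <= max_hosts and r[1] <= max_count]


if __name__ == "__main__":
    for value, total, host_count in stack_count(EVENTS):
        print(f"{total:>3} events on {host_count} host(s): {value[0]} -> {value[1]}")
    print("review first:", rare_stacks(EVENTS))
```

A rare stack is a lead for an analyst to examine, not a verdict; legitimate one-off administrative activity lands at the bottom of the stack as well.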
AI, however, can automate this process, making threat hunting easier and more efficient. UMBRA also offers proprietary technology capabilities.
From The Shadows Emerges Knowledge