SEATTLE, April 14, 2016 /PRNewswire/ -- DomainTools, the leader in domain and DNS-based cyber threat intelligence, today announced the results of the first annual Threat Hunting: Open Season on the Adversary Survey, conducted by the SANS Institute. The research revealed that 85 percent of enterprises have already adopted some form of Threat Hunting to aggressively track and eliminate cyber adversaries as early as possible. This proactive "Threat Hunting Model" leverages existing tools combined with human intervention to strengthen the security posture of the organization. According to the survey, adopters of this model reported positive results, with 74 percent citing reduced attack surfaces, 59 percent experiencing faster speed and accuracy of responses, and 52 percent finding previously undetected threats in their networks.
As the number of cyber threats continues to climb, understanding and managing cybersecurity risks has become top of mind for all organizations. Businesses are responding by taking action and implementing holistic technology initiatives, like Threat Hunting, to mitigate the overall risk to the organization instead of relying solely on traditional, siloed prevention like Firewalls or Intrusion Detection Systems (IDS). The new SANS/DomainTools research corroborates the shift towards a Threat Hunting approach, with 62 percent of organizations planning to increase spending on Threat Hunting in the coming year and over 42 percent increasing it by 25 percent or more.
"With cyberattacks increasing exponentially each year, it's no surprise enterprises are attracted to Threat Hunting as a proactive multi-layered approach to discovering and mitigating cyber threats as early as possible," said Tim Chen, CEO of DomainTools. "As the findings note, successful Threat Hunting isn't necessarily about overhauling an existing cybersecurity program, it's about using the third-party data and technologies that most organizations already possess in order to maximize the chances of proactively finding, attributing and eliminating an adversary before the damage is done."
Additional key findings from the SANS report include:
The top seven data sets that support threat hunting are: IP addresses, network artifacts and patterns, DNS activity, host artifacts and patterns, file monitoring, user behavior and analytics, and software baseline monitoring.
86 percent of respondents said the most common trigger for launching a hunt is an anomaly or anything that deviates from normal network behavior.
Only 23 percent of businesses have hunting processes that are invisible to attackers, meaning the majority of organizations are at risk from exposing internal hunting TTPs in a way that benefits the attacker.
About DomainTools® DomainTools helps security analysts turn threat data into threat intelligence. We take indicators from your network, including domains and IPs, and connect them with nearly every active domain on the Internet. Those connections inform risk assessments, help profile attackers, guide online fraud investigations, and map cyber activity to attacker infrastructure. Fortune 1000 companies, global government agencies, and leading security solution vendors use the DomainTools platform as a critical ingredient in their threat investigation and mitigation work. Learn more about how to connect the dots on malicious activity at www.domaintools.com or follow us on Twitter: @domaintools