Back to Blog

The Post-Breach Challenge: The Scarcity of Proactive Hunters

Over the last two decades, most of the security industry has focused on deploying layers of technology that try to prevent hackers from getting in. But the last two years have shown that even the most secured organizations can be hacked, and firms have begun to realize that network penetration by a hacker is inevitable.

This realization shifts the security mentality into a post-breach mindset, which requires security teams to have the skills and the attitude of a hunter. One needs to look for evidence of an attacker’s behavior in the network (which usually looks very similar to a normal user behavior), be able to differentiate malicious activities from the benign, and build a coherent picture of an emerging threat inside the network out of the pieces of evidence.

With this understanding, we see an increasing amount of organizations come to the realization that they need to be actively hunting. They must shift from being reactive to proactive -- from dealing with alerts to proactively threat hunting.

However, even with this realization, most security operations are still caught in a reactive IT-mentality. They rely on less experienced level 1 analysts whose main job is to review alerts, close the ones that are false and escalate the suspicious activity. With the pressures of time and efficiency, their focus is to move through this process as quickly as possible, rather than properly investigate each alert to see why they emerged and if they go deeper.

Even the most advanced security organizations are still focused on reactively chasing alerts, while those proactive searching and hunting are few and far between. This is because professional cyber-hunters are rare. Furthermore, the sad truth is that organizations are not fully utilizing their existing talent to proactively hunt for threats. The majority of teams are caught in a tedious, never-ending cycle of incident chasing, and there simply aren’t enough experienced hunters to change their approach to security.

This is why we believe a disruption is needed: An automated solution that will enhance the abilities of the novice, level 1 analysts and make them hunting-capable, as well as one that will supercharge the abilities of the more advanced cyber-hunters. Otherwise, these sophisticated attacks are simply too complex to fight.

Let the hunt begin.