Top 5 Threat Hunting Myths: “EDR Is Threat Hunting”


The cybersecurity landscape is in a constant state of change and, as many organizations have learned, it’s no longer a matter of if you’ll face a cyberattack, but when. In today’s world, attackers intentionally look normal to evade automated defenses. With the rise of ransomware, fileless and non-malware attacks, it’s harder than ever to protect your endpoints with confidence.  

To prevent this, threat hunting has emerged as an essential process for organizations to preempt destructive attacks. This process is a proactive approach to cybersecurity that identifies gaps in defenses and stops attacks before they go too deep.

While it may seem aggressive to work on the “assumption of breach” — that attackers are already inside an organization’s network and are covertly monitoring and moving throughout it — the reality is that attackers may be inside a network for days, weeks and even months on end, preparing and executing attacks, without any automated defense detecting their presence.

The bottom line is this: The adversary is hunting for your security gaps…why aren’t you?

Unfortunately, there is a lot of confusion around threat hunting that is preventing professionals from being proactive and getting the most out of their investments. For this reason, we want to help debunk some of the most common myths about threat hunting.

Myth 1 — “EDR Is Threat Hunting”

Absolutely not. Endpoint detection and response (EDR) is a technology piece of your security puzzle. It automates endpoint data collection and looks for abnormalities or malicious activity, empowering responders to react as quickly as possible. EDR technology enables threat hunting, but the latter is fueled by people, not automated by a platform or solution. While the data collected by an EDR solution is often indispensable to a hunter, the actual process is a continuous, proactive one in which humans search through their environment for gaps and threats. Threat hunting is not simply installing tools and waiting for alerts; it is humans finding evil with the help of technology and data, analyzing activity and artifacts. It’s not man or machine, but man and machine together that create threat hunting.

43% of security professionals say they have threat hunting capabilities today, which indicates that more and more organizations are beginning to realize its value (35% up from 2017). As a security expert, your goal should be to assemble a dynamic team that advanced tools can support but never fully replace. Your hunters can use automation to help increase the effectiveness and scale of the hunt, but threat hunting is meant to go beyond what any machine can do by itself.[1]

To learn more about the common misconceptions about threat hunting…

Download Our eBook

[1] SANS 2018 Threat Hunting Survey

The post Top 5 Threat Hunting Myths: “EDR Is Threat Hunting” appeared first on Carbon Black.

About Carbon Black, Inc.
Carbon Black is the leading provider of next-generation endpoint security. Carbon Black’s Next-Generation Antivirus (NGAV) solution, Cb Defense, leverages breakthrough prevention technology, “Streaming Prevention,” to instantly see and stop cyberattacks before they execute. Cb Defense uniquely combines breakthrough prevention with market-leading detection and response into a single, lightweight agent delivered through the cloud. With more than 7 million endpoints under management, Carbon Black has more than 2,500 customers, including 30 of the Fortune 100. These customers use Carbon Black to replace legacy antivirus, lock down critical systems, hunt threats, and protect their endpoints from the most advanced cyberattacks, including non-malware attacks.