IDC PlanScape: IT Security — Creating A Robust Threat Hunting Capability

IDC PlanScape Figure

• Figure: IDC PlanScape: Executive Summary of IT Security for Creating A Robust Threat Hunting Capability

Executive Summary

Why Is Creating a Robust Threat Hunting Capability Important?

• Attackers Are Increasingly Sophisticated

• Computing Environments Are More Complex

• Most Attacks Go Undetected for Extended Periods of Time

• Threat Hunting Puts Teeth Behind "Assume You Are Already Compromised"

What Is Creating a Robust Threat Hunting Capability?

• What Do Threat Hunters Search For?

• Threat Hunting Systematizes and Automates Hunches

• Figure: Interest in Threat Hunting, 2011–2021

• Apply Threat Intelligence Solutions in a Practical Way

Who Are the Key Stakeholders?

• Table: Key Stakeholders

How Can My Organization Take Advantage of Creating a Robust Threat Hunting Capability?

• Begin with What You Already Have

• Use a Risk-Based Approach

• Don't Operate in a Vacuum

• Integrate with the Security Operations Center to Increase Visibility

• Think Like an Attacker

• Figure: Cyber Kill Chain

• Consider Using Managed Threat Hunting Services

Advice for Technology Leaders

• Figure: Essential Guidance for Effective Threat Hunting

Related Research