SANS White Paper: Threat Hunting: Open Season on the Adversary
In 2016, three absolute facts are relevant when it comes to security: (1) an organization cannot prevent all attacks, (2) an organization's network is going to be compromised, and (3) a 100% guarantee of security does not exist.
This means that adversaries will breach your organization's protection, if they haven't already. The goal of security, then, is not only about stopping adversaries, but also about controlling and minimizing the overall damage from an incursion by hunting adversaries.
Responses from 494 participants to the first SANS survey on threat hunting reveal that nearly 86% of organizations are involved in threat hunting today, albeit informally, as more than 40% do not have a formal threat-hunting program in place. This Endgame-sponsored white paper provides an overview of survey results, as well as best practices for threat hunting.