From the course: Threat Hunting Essential Training

Threat hunting overview

- [Narrator] An organization's worst nightmare became a reality for a healthcare company that operated a chain of hospitals around the US. The company's network was taken hostage by a cybercrime group, and the hospital's patient database and email systems were taken offline. Doctors were unable to see patient records. Hospital staff was unable to send critical emails to get patients the care they needed. The healthcare facility entered into panic mode as the cyber attack gained widespread media coverage. The hospital began turning away patients because they had to operate without a number of essential safeguards meant to minimize critical mistakes.

The hospital chain had a cybersecurity budget and incident response plan and technology like firewalls and antivirus, but the sophisticated adversary still got into the network undetected. This is where threat hunting fits into the cybersecurity ecosystem. Technology and cybersecurity solutions are good at detecting and stopping prevalent types of malware and cyber attacks. However, sophisticated nation states and cybercrime gangs are in the business of evading cybersecurity controls.

Threat hunting is often defined as the practice of proactively searching for cyber threats that are lurking undetected in a network. I'd like to simplify the definition of threat hunting. Threat hunting is a mindset. We are working from the premise that there's already been an undetected cyber incident. The attackers already have a foothold in our network. They found a way to evade technology designed to stop and alert on their presence. The goal of threat hunting is to find the best of the best sneaky and stealthy adversaries that got into our network undetected before it's too late. Threat hunting is the last line of defense in hopes of preventing an attacker from achieving their objectives of holding an organization's digital assets hostage, stealing trade secrets or leaking secrets.

Now that we know what threat hunting does, let's dive into what makes it so valuable for your company.
