Using Log Analytics to Find and Neutralize Hidden Threats in Your Environment.
Introduction: Today’s Security Landscape Demands a More Proactive Approach

Cybersecurity leaders are engaged in a difficult arms race against the threat actors who seek to attack their organizations. Recent years have seen an explosion of budgets and headcount dedicated to cybersecurity, with global spending on information security totaling $124 billion USD in 2020.[1]

Despite the spending, however, the metrics are trending in favor of the cyber criminals. The number of reported breaches has increased at an annual rate of nearly 14% over the past five years.[2] Costs continue to mount as well, with the average total cost of a breach now exceeding $3.8 million.[3]
The root of the problem is that cybercrime pays well for the criminals. Global cybercrime costs in 2021 are expected to reach $6 trillion USD, making it a more profitable business than the global market for illegal drugs.[4]

The opportunity for massive payouts has drawn a range of very sophisticated, well-funded threat organizations into the arena. Although their work is nefarious, these groups operate like well-run technology companies. They invest heavily in R&D, developing and improving the bots and malicious utilities used in their attacks. They also continually invest in improving their tactics, techniques and procedures (TTPs) to become savvier at penetrating an organization and more elusive as they do so.

This growing sophistication is behind another critical metric — in 2020, it took an average of 207 days to identify a breach, and 280 days to contain it.[5] The attacks that cause the most damage and are hardest to prevent are the Advanced Persistent Threats (APTs) carried out during these multi-month dwell times. During an APT, the attackers take a “slow and low” approach, attempting to blend in with normal business operations as they continually seek to gain access to sensitive systems and the valuable data within the environment.

The growing frequency and growing impact of APTs — coupled with the recognition that spending alone cannot sufficiently protect their organizations — are driving a renewed interest in threat hunting. Cybersecurity leaders recognize that passive controls and existing security technologies are limited in what kinds of malicious activity they can uncover, and in how quickly and efficiently they can do so. In contrast, threat hunting is the proactive approach of uncovering the threats that linger within the environment. And like the adversaries they are up against, threat hunters rely as much on human savvy as on technology.