Using threat hunting to anticipate the unknown

A cyber threat could be lurking in any corner of an organisation’s infrastructure. The complex networks encompassing numerous smart and interconnected technologies make it easy for cyber criminals to hide, but much harder for them to be found.

Yet, waiting for a cyber threat to make an appearance is far too dangerous; if left undetected, a cyber criminal could stay in an organisation’s network for years – and just think of the damage that could be caused. To combat this, threat hunting is now an essential component of any cybersecurity strategy. Rather than waiting for a hacker to make themselves known, threat hunting involves constantly and proactively searching for the threats hiding within a system: it works on the assumption that an attacker is already present, and looks for signs of unusual activity before damage is done.

But how does threat hunting work in practice, and how can the approach ensure an organisation’s data is kept safe? Paul German, CEO of Certes Networks, explores why a proactive approach to cybersecurity is essential at a time when the threat has never been more severe.

The need for observability

Today’s networks are complex, presenting numerous places for a cyber hacker to hide. And unfortunately, it’s not uncommon for infiltrations to go undetected in networks for days, weeks or months. In fact, a recent report shows that it takes organisations an average of 280 days to identify and contain a data breach, but organisations can’t afford to wait this long. In this time, a cyber hacker can be travelling through the network, infiltrating systems and stealing information, making an organisation’s data increasingly vulnerable.

Dwell times can be even longer than this; in the 2018 Marriott International data breach, hackers had been accessing the network for over four years before they were discovered, which resulted in the records of 339 million guests being exposed. The hotel chain then suffered a second data breach this year after cyber criminals had been in the network for over one month, impacting approximately 5.2 million guests.

So, what needs to change? It is now more important than ever for organisations to be able to analyse contextual data in order to make informed decisions regarding their network security policy. This is not possible without 24/7/365 managed detection and response (MDR) tooling for proactive threat hunting: event monitoring logs, automated use case data, contextual analysis, incident alerting and response, and the application of known tactics, techniques and procedures (TTPs) to identify the issues that, once addressed, improve an organisation’s security posture.

Anticipating the unknown

When anticipating the unknown, cyber security analytics tools can capture data and detect evasive and malicious activity wherever it occurs in the network, in real time. Generating fine-grained policies and enforcing them is one step security teams can take to proactively detect and remediate malicious activity immediately. With policy enforcement, attackers will have a hard time attempting lateral ‘east-west’ movement or remaining hidden in any part of the network, because the security team can see inside the network and protect against threats across all attack surfaces and all managed endpoints with a unified, multi-layer approach. This includes policy generation and enforcement MDR tools that provide greater insight into the overall reliability, impact and success of network systems, their workloads and their behaviour, in order to identify threats, respond proactively and protect assets.

In reality, this means that security teams can take measurable steps towards controlling access to the network environment: knowing who is in the network, who should be able to access which data and which applications, and being the first to detect indicators of compromise (IOCs).
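As an added illustration of the policy enforcement and IOC detection described above (example code written for this page, not tooling from Certes Networks or the article), the following hunt runs over a handful of constructed flow-log records, flags internal east-west connections that a constructed segmentation policy does not permit, and flags any flow touching a constructed indicator list. The segments, ports, addresses and indicator are all invented for the demonstration.

```python
"""Minimal east-west policy hunt over constructed flow logs (illustrative only)."""
import ipaddress

# Constructed segments and allow-list policy: which source segment may reach which
# destination segment on which ports. Any other internal flow is a policy violation.
SEGMENTS = {
    "users": ipaddress.ip_network("10.10.0.0/16"),
    "app": ipaddress.ip_network("10.20.0.0/16"),
    "db": ipaddress.ip_network("10.30.0.0/16"),
}
ALLOW = {
    ("users", "app"): {443},
    ("app", "db"): {5432},
}
# Constructed indicator list (a TEST-NET-2 address, not a real IOC).
IOCS = {"198.51.100.23"}

# Constructed flow records: timestamp src dst dport bytes
FLOWS = """\
2024-05-01T09:00:01Z 10.10.4.7 10.20.1.5 443 8312
2024-05-01T09:00:05Z 10.20.1.5 10.30.2.9 5432 1200
2024-05-01T09:01:12Z 10.10.4.7 10.30.2.9 5432 540
2024-05-01T09:02:40Z 10.10.4.7 10.10.9.3 445 90210
2024-05-01T09:03:02Z 10.20.1.5 198.51.100.23 443 120000
"""

def segment_of(ip):
    """Map an address to its segment name, or 'external' if outside all segments."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "external"

def hunt(flow_text):
    """Return (reason, record) findings for flows that hit an IOC or break policy."""
    findings = []
    for line in flow_text.splitlines():
        _ts, src, dst, dport, _nbytes = line.split()
        if src in IOCS or dst in IOCS:
            findings.append(("ioc-match", line))
            continue
        s, d = segment_of(src), segment_of(dst)
        if d == "external":
            continue  # north-south traffic is out of scope for this east-west check
        if int(dport) not in ALLOW.get((s, d), set()):
            findings.append((f"east-west {s}->{d}:{dport} not permitted", line))
    return findings

if __name__ == "__main__":
    for reason, record in hunt(FLOWS):
        print(reason, "|", record)
```

In the constructed data, the direct users-to-database connection and the workstation-to-workstation SMB flow are the east-west violations a hunter would triage first, while the outbound flow to the listed indicator is caught regardless of policy.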

Ahead of the game

Threat hunting is a way to stay one step ahead of cyber criminals. Organisations no longer have to wait to be alerted to a data breach before taking action; today it is essential to have a complete, real-time picture of the entire network, including extending these capabilities to teleworkers, so that unusual activity can be identified and halted immediately, before any damage occurs. With strong MDR tools at the core, organisations can ensure a strong and effective security posture based on anticipating the unknown, clear visibility into the vulnerabilities that pose the biggest threat, and identification of the barriers that prevent successful tracking and remediation.


About Security Buyer

Security Buyer is the leading authority in global security content, delivering expert news, in-depth articles, exclusive interviews, and industry insights across print, digital, and event platforms. Published 10 times a year, the magazine is a trusted resource for professionals seeking updates and analysis on the latest developments in the security sector.
