Simply Protecting Yourself is No Longer Enough


Firewalls, anti-virus, endpoint protection, and security awareness all form a foundation of protection against cyber threats. But putting these walls up is not nearly enough these days. Criminals are incredibly creative and resourceful. They can skillfully evade almost all protections. Today, organizations need tools that allow them to ask detailed questions to identify advanced (and even invisible) threats and active adversaries, and quickly take appropriate action to stop them.

“An important piece of a proactive strategy ties into threat hunting and response,” said Mat Gangwer, Senior Director of Managed Threat Response at Sophos. “Having the tools to go out and discern which threats are most likely to impact you. Really trying to understand what the risk is to you as an organization and then putting in appropriate measures to combat those. It’s about soliciting information from devices and knowing what to look for. That’s where experienced threat hunters come in.”

Gangwer said that while most organizations have the tools to be notified of threats in the environment, that is only a starting point. A strategy that incorporates human-led threat hunting and response expertise goes a step further: it not only proactively hunts for and validates potential threats and incidents, but also initiates actions as appropriate to disrupt, contain, and neutralize the threats.

“Every product out there is going to have limitations on what it’s able to observe,” said Gangwer. “And businesses are not always following best practice either. Tools may not be turned up all the way to where it's blocking everything and there's going to be things that get through.”

That’s why security teams need a better view of their environment, with a broad range of telemetry that goes beyond the perimeter and endpoint. Threat hunting considers telemetry from sources like network data and cloud data, and extends visibility to better detect suspicious activity and neutralize active threats.

Proactively detecting advanced threats on a network is critical today. Some threat actors lurk for weeks or months in an environment before they decide to execute an attack. Whereas threat detection can only tell a security team when a threat becomes visible after it triggers an alert in security software, threat hunting gets in front of the potential problem and identifies threats that are not yet visible.

“Even after identifying threats, there's still questions that need to be answered and that's where a threat hunter would step in and try to uncover everything that's going on,” said Gangwer. “When doing threat hunting, you identify, uncover and analyze the events that are happening so you can react to them accordingly.”

Sophos can assist your organization with implementing a proactive threat hunting and response program to get in front of invisible threats. Learn more at


Copyright © 2021 IDG Communications, Inc.