Over the last few years, infections due to malware have been steadily falling, and are giving way to new, more sophisticated behaviours from cyberattackers.
These days, in order to slip by unnoticed, criminals carry out targeted attacks with proprietary malware, and make use of legitimate applications and goodware. In fact, up to 62% of companies claim to have been victims of malwareless cyberattacks. What’s more, cyberattacks that use chatbots, malicious inbound marketing or artificial intelligence are also on the up.
This situation lays bare the need to provide an equivalent response to these kinds of attacks. This need is particularly pressing when we consider that such breaches currently cost companies an average of $3.8 million; the average time to identify the security breach is 197 days; and the average time to contain the breach is 69 days. A company could be affected by this kind of cyberattack for nearly nine months.
A proper threat hunting strategy would reduce these figures, while at the same time offering a solution to the big cybersecurity challenge faced by companies in all sectors: detecting suspicious behaviours in users and machines, including from legitimate tools, in order to warn of possible intrusions in the system. This is why threat hunting is the main theme of the second edition of the Panda Security Summit (#PASS2019).
Threat hunting in figures
The 2018 Threat Hunting Survey highlights that 49% of the companies surveyed had been unaware of the threats they found that could lead to a cyberattack. According to ESG, 53% of organisations could not find candidates with a proactive attitude towards seeking out and anticipating threats, beyond the traditional approach of responding to cyberattackers.
Gartner, as an independent analyst, leaders of the European Commission and large Spanish companies such as Telefónica and CaixaBank, along with nine security specialists, will all be at #PASS2019. There, they will present their different experiences and the points of view of the technological society on threat hunting, as well as other trends that currently affect thousands of organisations in our country.
Pedro Uría, director of PandaLabs, will also explain the different steps of a threat hunting process, and how to apply them to different cases. The steps are:
- Deploy detection conditions (rules, algorithms...): known threats are located; threats that aren’t known aren’t detected, which is why one must work with a blacklist approach.
- Formulate attack hypotheses about things that could be a threat, and then look for evidence.
- Validate these hypotheses and, if one of them is confirmed, extend the search area, and respond to the incident.
- Create a new detection condition: the attack is reconstructed to find any new patterns and tactics used to carry it out. The knowledge generated during the threat hunting process is then used to enrich and improve the automatic detection systems.
#PASS2019 will bring together almost 1000 attendees from leading European companies and institutions, including CISOs, CIOs, heads of cybersecurity, and CEOs. There will be 5 workshops, which will provide in-depth information about the subjects discussed in the conferences. José Sancho, president of Panda, Juan Santamaría, CEO of Panda, and María Campos, KA and Telecoms at Panda Security, will share their views on the main challenges of cybersecurity.