From Ferdinand Magellan to Lewis and Clark to Neil Armstrong – humans have an innate desire to understand the unknown. In security operations, we see this phenomenon every day in several forms, one of which is threat hunting. Threat hunting is not triggered by an event, but by the unknown. It is the practice of proactively and iteratively searching for abnormal indications within networks and systems.
Proactive threat hunting has become such an important aspect of effective security operations that it is now one of the top three Incident Response (IR) improvements organizations plan to make this year. According to the 2018 SANS Incident Response Survey, 45.3 percent of the 452 respondents prioritize it above developing or improving IR playbooks and above automating response and remediation workflows.