Monthly Archives: October 2015


The Threat Hunting Reference Model Part 2: The Hunting Loop

Cyber threat hunting is a proactive security approach for organizations to detect advanced threats in their networks. Until recently, most security teams have relied on traditional rule- and signature-based solutions that produce floods of alerts and notifications, and typically only analyze data sets after an indicator of a breach had been discovered as a part of forensic investigations.


The Threat Hunting Reference Model Part 1: Measuring Hunting Maturity

Many organizations are quickly discovering that cyber threat hunting is the next step in the evolution of the modern SOC, but remain unsure of how to start hunting or how far along they are in developing their own hunt capabilities. This blog series will seek to formalize a reference model for how to effectively conduct threat hunting within an organization. We begin with a simple question: How can you quantify where your organization stands on the road to effective hunting? With a general model that can map maturity across any organization.