Monthly Archives: May 2016


Surveying the Threat Hunting Landscape, Part 1: The Current State of Threat Hunting

In April, the SANS Institute published the results of the first threat hunting survey to date. The survey gathered responses from 464 security practitioners in a variety of fields (including financial, cybersecurity, defense contracting, and government organizations) about threat hunting and the role it plays in their security infrastructure. It sought to determine if and how organizations are currently hunting, how they feel about their present hunting maturity, and what they have planned for increasing their hunting capabilities in the future. The survey results come at a critical time – today, companies are starting to realize what SANS calls the “three absolute facts” of security: 1) companies cannot prevent every attack; 2) an organization’s network will, at some point, be compromised; and 3) 100% security simply does not exist. It’s imperative, then, that companies try to ramp up their detection capabilities as much as possible to minimize the impact and severity of inevitable cyber attacks.


Surveying the Threat Hunting Landscape, Part 2: Threat Hunting Practices and Next Steps

In part 1 of this series, we outlined the current state of cyber threat hunting as it was profiled in SANS’s recent survey of 464 companies on the handling of proactive cyber threat detection. In this section, we’ll discuss specifically what types of hunting practices these companies use to track and remove threats in their systems, and we will take a look ahead to see how threat hunting will continue to grow in the future.