“HUNTING IS NOT A SPORT. IN A SPORT, BOTH SIDES SHOULD KNOW THEY’RE IN THE GAME.”
‘Threat hunting’ is a concept that has gained tremendous traction within the cyber security community. Organizations have realized that while traditional security controls and analysis have served as a cornerstone for an organization’s cyber security compliance, they are no longer sufficient to mitigate operational risks.
This is especially true given the ever-increasing attack surfaces of these organizations, as well as the increase in number and capability of cyber adversaries. This reality has necessitated a paradigm shift from reactive to proactive security, and as a result, organizations have increasingly focused on threat hunting to fill this realized gap.
However, despite this increase in demand for processes, people, and technologies to enable threat hunting across environments, many organizations continue to struggle to establish sustainable threat hunting capabilities that can operate in a rigorous and repeatable manner. This struggle is often fed by a litany of business and technical challenges, some of which are unique to threat hunting, but many of which are common to security practices as a whole.