Cybersecurity Insiders just released the results of their survey about threat hunting practices. The results confirm that security professionals generally think threat hunting is a good idea and wish their organizations would be doing more proactive threat hunting than they are. Fair enough.
The results also highlighted a divide, or lack of clarity, in the definition of the term "threat hunting" itself. In the Cyber Security Insiders survey, 52% of respondents indicated that their threat hunting efforts were primarily proactive (commencing before any threat is detected) and 48% indicated a reactive approach (in response to a new or ongoing incident).
Moreover, 59% of respondents indicated Automatic Threat Detection as the most important feature for a threat hunting tool. This indicates that the respondent pool has a widely ranging view of what kind of activity can be considered "threat hunting" versus investigation, incident response, and other related activities.
...read more!