How can IT security threat hunters measure success? That is one of the core questions raised by the new SANS 2019 Threat Hunting Survey, which was co-sponsored by Authentic8.
The answer may lie in a strategy and tool selection that avoids mission and cost creep, and results in measurable effects - and savings - to prove it.
That’s our main takeaway from this year’s Threat Hunting Survey. Co-authors Mathias Fuchs and Joshua Lemon capture the different needs and challenges within organizations that are just starting their cyber threat hunting program, versus those who are honing their skills and programs.
Definitions of Threat Hunting
What is threat hunting? The SANS survey results document a wide variety of methodologies, spending priorities, tools deployed, training needs - and opinions about what constitutes effective threat hunting practices.
"Many organizations use an alert-driven approach to threat hunting or use indicators of compromise [IoCs] to guide their hunts," says Mathias Fuchs, a SANS instructor and threat