Threat hunting is becoming an integral part of defensive activities in larger enterprises or those that have been heavily targeted in the past, according to a new SANS survey. Yet, findings also show that threat hunting is still an immature practice that relies mostly on human intuition to conduct the searches. SANS defines threat hunting as a focused and iterative approach to search out, identify and understand adversaries that have entered the defender’s networks. Hunting should be proactive, yet 43% of respondents say their hunts are triggered by an event or a hunch, and 5% of respondents don’t know what triggers their hunts. The remainder monitor either continuously or on a regular schedule, such as once a week.
ORIGINAL SOURCE: Help Net Security
from Threat Hunting Still Maturing and Mostly Ad-hoc