I particularly agree with the last sentence in this article, as the very purpose of threat hunting is for the defender to proactively go out and hunt for a possible compromise or breach, based on a theory, a hypothesis, or from threat intelligence sources, as opposed to reactively waiting for inbound alarms before attempting to start down the path of investigations and incident response.
Merged with security best practices such as disaster recovery planning, patching, AI and machine learning, this can provide a positive boost for the defenders of networks.
I recently presented some ideas around threat hunting in a webinar available here. I also discussed threat hunting basics and how to leverage open source tools, as well as existing security capabilities, to help get you started, on the Security Weekly show.
It’s never a question of if another crippling cyber-attack will take place, only a matter of when. As security teams prepare for the next ransomware epidemic, it’s critical for preventive measures beyond traditional security to be implemented. Tactics such as patching, behavioral-based detection, machine learning, and threat hunting shift the advantage away from the attacker, toward the defender.