The Differing Needs of New and Experienced Threat Hunters
Threat hunting is a proactive approach to identifying signs of an attack, as opposed to the reactive approach security operations center (SOC) analysts follow.
The 2019 SANS Threat Hunting Survey finds that there is still confusion among respondents about what constitutes threat hunting and how to approach it properly. The report aims to dispel that confusion by helping organizations understand what threat hunting is, why it is essential in protecting their organizations, and how threat hunters can improve their process.
Some of the survey findings include:
- Organizations place less value on endpoint and memory forensics
- Respondents have decreased their hypothesis-driven hunting
- Many organizations are dual-tasking threat hunters
- Organizations are still struggling to measure the benefits of threat hunting