SANS 2020 Threat Hunting Survey


This is SANS’ fifth year of conducting the Threat Hunting Survey to examine how the cybersecurity industry is currently supporting threat hunting and how organizations are conducting it. Our goal is to better understand where we currently are in the threat hunting field and to provide guidance on where the industry should focus as it continues to shift the advantage in favor of defenders. Based on the results from the 2020 survey, this paper aims to provide an informed view of what the data tells us and where we need to focus our future threat hunting efforts.

For this year’s survey, we changed some of our previous survey questions to better understand the makeup of threat hunting teams and how they are performing their work, be it with tooling, staffing, or capabilities. We wanted to dive deeper into how threat hunters are fulfilling their missions, which tools they are selecting, and why they are using certain tools or procedures. Our hope is to continue this trend to see how threat hunters’ views change over time, along with the technology and education of threat hunters. Included in our findings are not only the raw results and trends but also recommendations on how to further push the boundaries of threat hunting and better defend your networks from threat actors.

This survey also includes information surrounding:

  • The risks behind threat hunting as a form of compliance
  • The formalization of threat hunting processes and procedures
  • Primary tasks of an organization’s threat hunting team members
  • The use of automated tools in threat hunting and threat intelligence
  • Threat hunting for vulnerabilities
