The Evolution of Threat Hunting
For six years, SANS has conducted a Threat Hunting Survey to examine how cybersecurity professionals hunt inside their organizations to more rapidly detect and identify threats. This year’s survey seeks to better understand the current landscape of threat hunting for organizations and the benefits that threat hunting can bring to an organization’s security posture. Based on the responses to the 2021 survey, this paper summarizes changes that we have seen over the past two years of authoring the threat hunting survey for SANS, as well as observations about those changes. We also look at how organizations have improved their threat hunting efforts over time.
Unlike in previous years, the 2021 survey included questions about the impact of COVID-19 on threat hunting efforts. Organizations experienced varying impacts from the pandemic: Some organizations experienced a negative impact on their security postures, while others saw a more targeted focus on cybersecurity and threat hunting in their organization. A significant number of respondents report uncertainty as to what type of impact the pandemic has had on their threat hunting teams. Significant uncertainty about the pandemic lingers, and many respondents report they anticipate significantly increasing their threat hunting activities in the coming 24 months.
Download this report to learn:
- The impact of COVID-19 on threat hunting
- Threat hunting teams and maturity levels
- What is included in a modern threat hunter’s toolbox
- Benefits of threat hunting
- Barriers to success
- What today’s threat hunting teams look like