SANS 2019 Threat Hunting Survey

The Differing Needs of New and Experienced Threat Hunters

Published June 2020


Threat hunting is a proactive approach to identifying signs of an attack, as opposed to the reactive approach security operations centre (SOC) analysts follow.

The 2019 SANS Threat Hunting Survey finds that there is still confusion among respondents about what constitutes threat hunting and how to approach it properly. The report aims to dispel that confusion by helping organizations understand what threat hunting is, why it is essential to protecting them, and how threat hunters can improve their process.

Some of the survey findings include:

  • Organizations place less value on endpoint and memory forensics
  • Respondents have decreased their hypothesis-driven hunting
  • Many organizations are dual-tasking threat hunters
  • Organizations are still struggling to measure the benefits of threat hunting

Download the whitepaper for key takeaways you can integrate into your threat hunting programs.