We hear it from our customers or in conversations at trade shows all the time: It would be great to hunt cyberthreats, but there is simply not enough time or resources to pull it off effectively. Larger organizations with big security budgets often make hunting cyberthreats part of the incident response process or even have a dedicated threat hunting team. But for many organizations, it seems daunting to even know where to begin.

Despite these common challenges, threat hunting is incredibly important in today’s cyber landscape. A proactive cyberthreat hunting program can help analysts uncover unknown threats in the environment and gain a deeper understanding of the organization’s technical landscape. But the fact remains that getting a proactive and efficient threat hunting program off the ground can be a challenge for many organizations. What can they do to get started?

5 Tips for Building a Threat Hunting Program

A new SANS Spotlight titled “Thinking Like a Hunter: Implementing a Threat Hunting Program” dives into this challenge and explores how organizations can increase their maturity and start a successful threat hunting program. The paper provides a few key steps that security teams can follow to make their security more effective through threat hunting. Here are five key tips from the report.

Download “Thinking Like a Hunter: Implementing a Threat Hunting Program”
