We hear it from our customers or in conversations at trade shows all the time: It would be great to hunt cyberthreats, but there is simply not enough time or resources to pull it off effectively. Larger organizations with big security budgets often make hunting cyberthreats part of the incident response process or even have a dedicated threat hunting team. But for many organizations, it seems daunting to even know where to begin.

Despite these common challenges, threat hunting is incredibly important in today’s cyber landscape. A proactive cyberthreat hunting program can help analysts uncover unknown threats in the environment and gain a deeper understanding of the organization’s technical landscape. But the fact remains that getting a proactive and efficient threat hunting program off the ground can be a challenge for many organizations. What can they do to get started?

5 Tips for Building a Threat Hunting Program

A new SANS Spotlight titled “Thinking Like a Hunter: Implementing a Threat Hunting Program” dives into this challenge and explores how organizations can increase their maturity and start a successful threat hunting program. The paper provides a few key steps that security teams can follow to make their security more effective through threat hunting. Here are five key tips from the report.

Download “Thinking Like a Hunter: Implementing a Threat Hunting Program”

more from Threat Hunting

Black Hat 2022 Sneak Peek: How to Build a Threat Hunting Program

You may recall my previous blog post about how our X-Force veteran threat hunter Neil Wyler (a.k.a “Grifter”) discovered nation-state attackers exfiltrating unencrypted, personally identifiable information (PII) from a company’s network, unbeknownst to the security team. The post highlighted why threat hunting should be a baseline activity in any environment. Before you can embark on a threat hunting exercise, however,…

What Cybersecurity Teams Can Learn From the US Cyber Command’s ‘Hunt Forward’

After decades of playing defense, the United States government went on the offense in the past few years against global state-sponsored cyber attackers. U.S. Cyber Command conducted “hunt forward” operations recently in 16 countries, including in Ukraine, as part of a policy set in 2018.  This policy involves partnering with foreign countries on finding cyber threats against them. The idea…