Five steps to effective threat hunting  

Threat hunting can benefit organizations by improving security posture and overall vigilance, cultivating a culture of proactive risk management and mitigation, and adding visibility into the attack surface and adversary tactics. Here are five steps to doing it effectively:

  1. Measure existing threat hunting maturity. How mature is your organization's threat hunting capability? Auditing the current security posture and SOC environment is a good first step toward understanding whether the organization is ready to hunt. Organizations can also evaluate readiness against a cybersecurity maturity model and by drawing on established frameworks and threat databases.
  2. Decide on the right threat hunting approach. Once an organization has a clearer reading of its threat hunting needs and goals, it can look for an arrangement that fits. Part of that is deciding whether to cultivate threat hunters from within, outsource threat hunting to a third party, or set up a hybrid of in-house and external expertise.
  3. Address the skills gap. Threat hunting is chiefly a human exercise, and organizations need to budget accordingly to attract skilled professionals.
  4. Address the tech gap. For threat hunters to be effective, they need full visibility of the network and the tools to search it. The right technologies can grant that visibility, but they can also add friction if they fail to mesh with personnel structures and policies. Organizations might consider an extended detection and response (XDR) platform that natively integrates threat hunting tools into one package and provides a dashboard for exploring threat signals and exposed assets.
  5. Develop and implement an incident response plan. As threat hunting operations grow, security managers must maintain a living incident response plan that can absorb changes in protocol for detection, reporting, triage and analysis, containment, and post-incident cleanup.

For more on the subject, see the SCMedia eBook “Threat Hunting Essentials: How to Craft an Effective Process.”

Bill Brenner

InfoSec content strategist, researcher, director, tech writer, blogger and community builder. Senior Vice President of Audience Content Strategy at CyberRisk Alliance.
