At a glance, the threat hunting landscape in 2023 seems awash in contradictions. Human ingenuity and insight are essential to steering threat hunting investigations, yet technologies like advanced analytics and automation are integral to conducting these searches. When done right, threat hunting is proactive, methodical and unhurried, yet many security professionals see the activity as a “race against time” to process and act on every possible threat alert. Increasingly, organizations believe threat hunting is important in improving overall security posture, but do not have (or do not provide) sufficient funding to acquire the kind of skilled expertise, training, or improved tools that could make a significant difference. Meanwhile, organizations are hungry to add experienced threat hunters to their ranks but struggle to find such talent in an intensely competitive and specialized field.
Then there are the threats themselves, which are evolving to evade SIEMs and other defense tools that, in years past, would have been enough protection. As one respondent said, “we’re growing, but we’re not growing at the same rate as the bad guys.” And despite growing recognition and interest in the value of threat hunting, security leaders we surveyed said there is still very low awareness of what processes, tools and policies are needed to maximize threat hunting potential.
Will it always be a “race against time”, or can organizations find ways to defy the odds and integrate threat hunting capability into their ranks?