SANS 2018 Threat Hunting Survey
This survey report reveals that for many organizations, threat hunting is still new and poorly defined from a process and organizational standpoint. Most are still reacting to alerts and incidents instead of proactively seeking out the threats.
While the act of threat hunting cannot be fully automated, it heavily leverages automation and begins where automation ends. Many organizations are finding success by focusing on core continuous monitoring technologies and relying on more security automation in their environments to make hunting more effective.
Download this survey report which also includes information surrounding:
- Critical DFIR skills for threat hunting
- The hunting armory (effective tools and resources)
- How to measure hunt team success