Rather than waiting for a “you’ve been breached” notification, security analysts are combing their employers’ infrastructure for evidence of threat activity, a practice known as cyber threat hunting, note Robert M. Lee and Rob Lee in the SANS Institute white paper The Who, What, Where, When, Why and How of Effective Threat Hunting.
What is cyber threat hunting?
According to the white paper A Framework for Cyber Threat Hunting from Sqrrl Data (a company with roots in the US cyber intelligence community that focuses on advanced cybersecurity and big-data analytics), cyber threat hunting is defined as:
“The process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions.”
The Sqrrl Data white