What is Threat Hunting?
Threat hunting is the proactive process of searching for malicious activity within an organization’s IT infrastructure. It includes testing a hypothesis against data and analyzing the results. A threat hunt hypothesis is a supposition or proposed explanation made on the basis of limited evidence, which the threat hunter uses as a starting point for further investigation. When executed correctly, threat hunts can do more than augment signature-based detections: they can also fill security control gaps within the organization and serve as a feedback loop to improve existing controls.