SANS 2019 Cyber Threat Hunting Survey
The 2019 SANS Threat Hunting Survey gathered current industry data from 575 respondents, predominantly from small/medium to medium/large organizations, who work in the field of threat hunting or alongside threat hunters. This year’s report aims to help organizations understand what threat hunting is, why it is essential to protecting their organizations, and how novice and experienced hunters can improve their processes.
In this year’s survey, SANS explores how threat hunting teams are tasked in an environment, where they hunt and how they hunt. More than half of the respondents use atomic indicators of compromise (IoCs) or an alert-driven approach to hunting. This year’s survey results show that respondents have decreased their hypothesis-driven hunting over the past three years, which may create some dangerous visibility gaps for organizations.
This survey also includes information on:
- Building and running threat hunting teams
- Methodologies for performing threat hunting
- Tools and system data needed for a successful hunt