What is Threat Hunting?

Threat hunting is the process of proactively and continuously searching networks to detect and isolate advanced threats that have evaded existing security solutions. 

In threat hunting, security analysts utilize tools such as EDR (endpoint detection and response) and threat intelligence to proactively hunt for adversaries already present - though as yet undiscovered - in corporate networks. Managed detection and response (MDR) is a form of outsourced threat hunting. Threat hunting may begin with the discovery of anomalous activity and hypotheses of what might be causing that activity. The security analyst or threat hunter will utilize the hypotheses as the basis for where to look for potential active or latent threats within the IT environment.

Hunting is used to identify threats at the earliest stage possible and uses manual and technology-assisted techniques. When adding a threat hunter or a hunting team, an organization should outline specific practices about how and when hunting takes place, who will be responsible for specific actions, and the development of metrics to measure success. Another important component is to establish baselines for normal operations.