{"id":7843,"date":"2023-02-17T23:00:00","date_gmt":"2023-02-17T23:00:00","guid":{"rendered":"https:\/\/www.esecurityplanet.com\/2019\/05\/17\/how-to-run-a-threat-hunting-program\/"},"modified":"2023-07-31T20:59:00","modified_gmt":"2023-07-31T20:59:00","slug":"threat-hunting","status":"publish","type":"post","link":"https:\/\/www.esecurityplanet.com\/threats\/threat-hunting\/","title":{"rendered":"What is Cyber Threat Hunting? Definition, Techniques &#038; Steps"},"content":{"rendered":"<p>Threat hunting starts with a pretty paranoid premise: That your network may have already been breached and threat actors may be inside waiting for an opportunity to strike.<\/p>\n<p>Sadly, that turns out to be true in many cases. You can&#8217;t be paranoid enough when it comes to cybersecurity. And that&#8217;s why cyber threat hunting adds human and technical elements to cyber defenses to try to find signs that those cyber defenses may have already been breached.<\/p>\n<p>Whether done by an internal team or an outside service, threat hunting adds another layer to cybersecurity defenses by working together with threat detection and response tools to provide a more comprehensive approach to threat defense.<\/p>\n<p>As advanced persistent threats (<a href=\"https:\/\/www.esecurityplanet.com\/threats\/advanced-persistent-threat\/\">APTs<\/a>) that dwell inside your network are capable of causing great damage, any organization with sensitive data should regularly engage in threat hunting.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"How-Cyber-Threat-Hunting-Works\"><\/span>How Cyber Threat Hunting Works<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Cyber threat hunting works by probing an organization\u2019s network, systems, logs and other information sources to find any threats that were missed by traditional threat detection tools. A combination of techniques and tools is used to thoroughly investigate and analyze incidents and indicators of compromise (IoC) with the goal of preventing or mitigating damage caused by network security attacks.<\/p>\n<p>Threat hunting teams are often composed of analysts from <a href=\"https:\/\/www.esecurityplanet.com\/networks\/soc-best-practices\/\">SOC teams<\/a> or similarly qualified security pros. Internal teams use systems like <a href=\"https:\/\/www.esecurityplanet.com\/networks\/siem-explained\/\">SIEM<\/a> and security analytics to aid in their investigations.
Externally, <a href=\"https:\/\/www.esecurityplanet.com\/networks\/managed-detection-and-response-mdr\/\">managed detection and response (MDR)<\/a> is one service that often includes threat hunting.<\/p>\n<p>The human element makes threat hunting closer to activities like <a href=\"https:\/\/www.esecurityplanet.com\/networks\/penetration-testing-vs-vulnerability-testing\/\">pentesting and vulnerability assessments<\/a> than informational tools like threat intelligence feeds. The big difference is that rather than looking only for vulnerabilities that could lead to an attack, threat hunting teams are looking for evidence of actual attacks.<\/p>\n<h3>4 Common Threat Hunting Activities<\/h3>\n<p>Fortunately, threat hunting teams have no shortage of tools and data for investigating potential threats. Searching all those data sources can be challenging, but a number of data approaches and tools can make that easier.<\/p>\n<p><strong>Searching <\/strong>meticulously for data that may contain potential threats can be time-consuming due to the vast amount of data that needs to be analyzed. To make things simpler, this activity is typically broken down into two methods, <em>clustering and grouping<\/em>.<\/p>\n<p><strong>Clustering<\/strong> involves analyzing large datasets to pinpoint patterns and anomalies that may indicate a security threat. Because the clusters are formed from common attributes, cyber threat hunters can efficiently identify suspicious activity, making the threat hunting process more manageable.<\/p>\n<p><strong>Grouping<\/strong> involves clustering data by characteristics such as user accounts, system settings or application behavior to isolate anomalies that may pose a potential security threat.
This technique enables cyber threat hunters to identify potential threats and facilitate immediate action to fix any security vulnerabilities.<\/p>\n<p><strong>Stack counting<\/strong> is an additional technique used to identify and isolate potential network security threats by tallying the behavior of different applications across an organization\u2019s systems so that rare outliers stand out. By leveraging this approach, organizations can proactively safeguard their systems and data from evolving cyber threats and stay ahead of potential security breaches.<\/p>\n<p>We&#8217;ll cover the tools and techniques that make threat hunting possible in the next few sections.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"7-Threat-Hunting-Techniques-Methodologies\"><\/span>7 Threat Hunting Techniques &amp; Methodologies<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>These threat hunting techniques and methodologies can help security teams proactively detect security threats. And by using and maximizing the value of existing security tools, organizations can gain deeper insights into the data gathered by security solutions. This will help build a culture of security by raising awareness of security threats among employees and stakeholders, making the organization more resilient against evolving network security threats.<\/p>\n<p><strong>The structured approach<\/strong> to cyber threat hunting follows a clearly defined methodology or process for identifying and investigating potential security threats. This includes specific steps and procedures that guide threat hunters through the process of collecting and analyzing data to detect any anomalies.<\/p>\n<p><strong>The unstructured approach<\/strong> is more flexible and allows more creativity and intuition in identifying threats.
It relies mostly on the expertise and experience of the cyber threat hunter to identify potential threats and investigate them without following tedious or rigid processes.<\/p>\n<p><strong>The situational or entity-driven technique<\/strong> is scoped purely by the specific goal or focus of the investigation. The situational approach investigates a specific incident or security breach, while the entity-driven approach focuses on a particular system or network entity to identify potential network security threats.<\/p>\n<p><strong>Internal transparency <\/strong>ensures that all stakeholders, security teams, and management have access to relevant information and insights about the investigation. This builds trust and cooperation among different teams and improves the overall effectiveness of threat hunting.<\/p>\n<p><strong>Using up-to-date sources<\/strong> allows cyber threat hunters to identify potential security threats by using the most current and relevant data sources. This includes data from logs, network traffic, threat intelligence feeds, and other relevant sources. These up-to-date sources allow threat hunters to stay ahead of evolving threats and reduce the risk of security breaches.<\/p>\n<p><em>See the <\/em><a href=\"https:\/\/www.esecurityplanet.com\/products\/threat-intelligence-platforms\/\"><em>Top Threat Intelligence Platforms<\/em><\/a><\/p>\n<p><strong>Leverage existing tools and automation<\/strong> to analyze large amounts of data and identify potential network security threats. This can help cyber threat hunters work more efficiently and effectively, since it enables them to investigate potential threats more quickly and accurately.<\/p>\n<p><strong>User and Entity Behavior Analytics (UEBA)<\/strong> can supplement threat hunting by using machine learning algorithms to detect suspicious behavior patterns that potentially indicate a security threat.
Using UEBA helps organizations improve their ability to proactively detect and respond to any potential security threats.<\/p>\n<p><em>See the <\/em><a href=\"https:\/\/www.esecurityplanet.com\/products\/best-user-and-entity-behavior-analytics-ueba-tools\/\"><em>Best User and Entity Behavior Analytics (UEBA) Tools<\/em><\/a><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Cyber-Threat-Hunting-Framework-in-5-Steps\"><\/span>Cyber Threat Hunting Framework in 5 Steps<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>There is a five-stage process that is commonly used to identify, investigate, and respond to potential security threats. These stages serve as standard operating procedures to guide team activities.<\/p>\n<p><strong>Hypothesis<\/strong> is the starting point, making assumptions about potential threats based on intelligence or other indicators of compromise. The hypothesis should be specific and testable and must have a clear set of expected outcomes so that the necessary steps can be clearly identified.<\/p>\n<p><strong>Collect and process data<\/strong> from a variety of sources to filter out irrelevant or noisy data, then transform it into a format that can be easily analyzed.<\/p>\n<p><strong>Trigger alerts<\/strong> or other mechanisms will automatically notify the threat security team when certain conditions are met. These triggers could be based on specific patterns in the data or other indicators that suggest a potential threat.<\/p>\n<p><strong>Investigation<\/strong> happens after trigger alerts have been activated. Security hunters or analysts will use different tools and techniques to analyze the data and identify the potential network security threats. This may involve searching for specific indicators of compromise, identifying patterns in the data, or conducting more detailed analysis of specific systems or network segments.<\/p>\n<p><strong>Response<\/strong>, the final stage of the framework, is mitigating the identified threats.
This includes isolating compromised systems, removing malware, patching vulnerabilities or taking other measures to prevent further damage. The response must be guided by the severity and nature of the threat. It will also depend on the resources and capabilities of the network security team.<\/p>\n<p><em>See the <\/em><a href=\"https:\/\/www.esecurityplanet.com\/products\/patch-management-service-providers\/\"><em>Best Patch Management Service Providers<\/em><\/a><\/p>\n<h2><span class=\"ez-toc-section\" id=\"What-is-a-Threat-Hunting-Maturity-Model\"><\/span>What is a Threat Hunting Maturity Model?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The Hunting Maturity Model (HMM) is a framework that provides a structured approach for an organization to assess and improve its threat hunting capabilities. This typically contains five levels, where each level represents a new degree of maturity in terms of the organization&#8217;s capability to detect and respond to security threats.<\/p>\n<p><strong>Level 1 &#8211; Initial:<\/strong> The organization\u2019s threat hunting capability is inconsistent, with little to no formalized process in place.<\/p>\n<p><strong>Level 2 &#8211; Minimal: <\/strong>The organization has some basic threat hunting processes in place, but they are not reactive or well-coordinated.<\/p>\n<p><strong>Level 3 &#8211; Procedural: <\/strong>The organization has established formal processes for threat hunting and has implemented tools and technologies to support these processes, but they may still be isolated and not fully integrated with the overall security posture of the organization.<\/p>\n<p><strong>Level 4 &#8211; Innovative: <\/strong>The organization is exploring new techniques and technologies for threat hunting and is continually looking for ways to improve its capabilities.<\/p>\n<p><strong>Level 5 &#8211; Leading: <\/strong>With highly sophisticated capabilities and systems in place, the organization is a recognized leader in threat hunting.
It is continually pushing the limits of threat hunting and actively sharing its knowledge and skills with the larger security community.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Top-Threat-Hunting-Tools\"><\/span>Top Threat Hunting Tools<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>There are a number of tools that threat hunting teams rely on to help them spot IoCs and other signs of possible breaches.<\/p>\n<ul>\n<li><strong>Spreadsheets<\/strong>: The simplest threat hunting tool is the humble spreadsheet, which many threat hunters use to help them when carrying out a stack counting exercise to manage the numbers and sort them so that outliers can easily be spotted.<\/li>\n<li><strong>Security monitoring tools<\/strong>: Defensive security products such as <a href=\"https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/\">firewalls<\/a>, <a href=\"https:\/\/www.esecurityplanet.com\/products\/edr-solutions\/\">EDR<\/a> tools, <a href=\"https:\/\/www.esecurityplanet.com\/products\/data-loss-prevention-dlp-solutions\/\">data loss prevention systems<\/a> (DLP), and network <a href=\"https:\/\/www.esecurityplanet.com\/networks\/intrusion-detection-and-prevention-systems\/\">intrusion detection systems<\/a> are all used by threat hunters to help reveal indicators of compromise.<\/li>\n<li><strong>Statistical analysis tools<\/strong>: These use mathematical patterns to spot anomalous behavior in data, which the threat hunter may then decide warrants further investigation.<\/li>\n<li><strong>Intelligence analytics tools<\/strong>: These tools help threat hunters visualize data with interactive charts and graphs that make it easier to spot previously hidden correlations and connections between entities, events, or data.<\/li>\n<li><strong>SIEM systems<\/strong>: <a href=\"https:\/\/www.esecurityplanet.com\/products\/siem-tools\/\">Security Information and Event Management (SIEM) solutions<\/a> are used by threat hunters as well as reactive security 
staff to make sense of the vast amounts of log data that many organizations generate and to surface suspicious activity.<\/li>\n<li><strong>User and entity behavior analytics tools<\/strong>: <a href=\"https:\/\/www.esecurityplanet.com\/products\/best-user-and-entity-behavior-analytics-ueba-tools\/\">UEBA<\/a> tools can help threat hunters spot anomalous behavior.<\/li>\n<li><strong>Threat intelligence resources<\/strong>: As well as tipping threat hunters off about new threats to look for and techniques that attackers are adopting, <a href=\"https:\/\/www.esecurityplanet.com\/products\/threat-intelligence-platforms\/\">threat intelligence resources<\/a> also give details of specific executables or malware hashes to look for and malicious IP addresses to be wary of.<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Is-Threat-Hunting-Right-for-Your-Business\"><\/span>Is Threat Hunting Right for Your Business?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Any business can benefit from threat hunting, and the more sensitive and important your data is (especially if subject to <a href=\"https:\/\/www.esecurityplanet.com\/networks\/security-compliance\/\">compliance regulations<\/a>), the more you need to start a threat hunting program or contract with a threat hunting service. There are a number of necessary capabilities that can help you decide if your staff has the skill and expertise to carry out threat hunting.<\/p>\n<h3>Threat hunting requirements<\/h3>\n<p><strong>Data Familiarity:<\/strong> Threat hunting requires collecting and analyzing a large amount of data from different sources, ideally in real time, to quickly identify potential threats.
Familiarity with the organization\u2019s usual data patterns lets threat hunters compare new data faster, identify potential threats more accurately and respond accordingly.<\/p>\n<p><strong>Skill and expertise:<\/strong> Effective threat hunting requires skilled personnel with the necessary expertise in cybersecurity, data analysis, and <a href=\"https:\/\/www.esecurityplanet.com\/networks\/incident-response-how-to-prepare-for-attacks-and-breaches\/\">incident response<\/a>. The threat security team should have a deep understanding of the organization\u2019s systems, networks, and potential threat vectors.<\/p>\n<p><strong>Threat intelligence: <\/strong>Threat hunting requires continuous access to the latest threat intelligence, such as information on new vulnerabilities, attack techniques, and threat actor behaviors. This information will help identify potential threats and develop effective countermeasures.<\/p>\n<p><strong>Tools and technologies:<\/strong> Properly executing threat hunting requires specialized tools and technologies. These may include advanced analytics tools, a SIEM system, EDR tools, and <a href=\"https:\/\/www.esecurityplanet.com\/products\/ndr-network-detection-response\/\">network traffic analysis (NTA)<\/a> solutions.<\/p>\n<p><strong>Continuous improvement:<\/strong> Continuously learning from previous threat hunts helps organizations stay on top of potential risks. It is important to stay ahead of evolving threats by regularly reviewing the threat hunting program\u2019s effectiveness, refining processes and tools, and updating skills and expertise to ensure that the program stays effective.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Bottom-Line-Threat-Hunting\"><\/span>Bottom Line: Threat Hunting<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Cyber threat hunting is an increasingly important skill set for organizations with sensitive data, or those subject to data privacy and handling laws.
Defensive security tools can&#8217;t stop every threat, and attackers can lurk inside a network for a long time without being caught.<\/p>\n<p>A successful threat hunting program requires a skilled cybersecurity team with experience in data analysis and incident response. It must also have access to the latest threat intelligence trends and specialized tools and technologies for data analysis and management.<\/p>\n<p>The requirements are high, but the potential payoff is big. By continuously looking for potential threats, organizations can gain a deeper understanding of their systems and networks and develop more effective countermeasures against potential attacks.<\/p>\n<p>But organizations without those abilities can still conduct threat hunting with outside help (see the <a href=\"https:\/\/www.esecurityplanet.com\/products\/top-mdr-solutions\/\">Top MDR Services<\/a>).<\/p>\n<p><em>This updates a May 17, 2019 article by <\/em><a href=\"https:\/\/www.esecurityplanet.com\/author\/paul-rubens-esp\/\"><em>Paul Rubens<\/em><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Threat hunting starts with a pretty paranoid premise: That your network may have already been breached and threat actors may be inside waiting for an opportunity to strike. Sadly, that turns out to be true in many cases. You can&#8217;t be paranoid enough when it comes to cybersecurity. And that&#8217;s why cyber threat hunting adds [&hellip;]<\/p>\n","protected":false},"author":318,"featured_media":27346,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_gazelle_contributing_experts":"","footnotes":""},"categories":[15],"tags":[28043],"b2b_audience":[33],"b2b_industry":[],"b2b_product":[382,379],"class_list":["post-7843","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-threats","tag-threat-hunting","b2b_audience-awareness-and-consideration","b2b_product-application-security-vulnerability-management","b2b_product-threats-and-vulnerabilities"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Threat Hunting: Proactively Search for Cyber Threats<\/title>\n<meta name=\"description\" content=\"Cyber threat hunting is a proactive approach to cybersecurity.
Learn the basics of threat hunting &amp; how to get started.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.esecurityplanet.com\/threats\/threat-hunting\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Threat Hunting: Proactively Search for Cyber Threats\" \/>\n<meta property=\"og:description\" content=\"Cyber threat hunting is a proactive approach to cybersecurity. Learn the basics of threat hunting &amp; how to get started.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.esecurityplanet.com\/threats\/threat-hunting\/\" \/>\n<meta property=\"og:site_name\" content=\"eSecurity Planet\" \/>\n<meta property=\"article:published_time\" content=\"2023-02-17T23:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-07-31T20:59:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/assets.esecurityplanet.com\/uploads\/2019\/05\/hacker.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"670\" \/>\n\t<meta property=\"og:image:height\" content=\"377\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Kaye Timonera\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@eSecurityPlanet\" \/>\n<meta name=\"twitter:site\" content=\"@eSecurityPlanet\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Kaye Timonera\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"10 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/threat-hunting\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/threat-hunting\/\"},\"author\":{\"name\":\"Kaye Timonera\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/fe08088ba462401e4aea214869e2fc2f\"},\"headline\":\"What is Cyber Threat Hunting? Definition, Techniques &#038; Steps\",\"datePublished\":\"2023-02-17T23:00:00+00:00\",\"dateModified\":\"2023-07-31T20:59:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/threat-hunting\/\"},\"wordCount\":2074,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/threat-hunting\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2019\/05\/hacker.jpg\",\"keywords\":[\"threat hunting\"],\"articleSection\":[\"Threats\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.esecurityplanet.com\/threats\/threat-hunting\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/threat-hunting\/\",\"url\":\"https:\/\/www.esecurityplanet.com\/threats\/threat-hunting\/\",\"name\":\"Threat Hunting: Proactively Search for Cyber 
Threats\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/threat-hunting\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/threat-hunting\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2019\/05\/hacker.jpg\",\"datePublished\":\"2023-02-17T23:00:00+00:00\",\"dateModified\":\"2023-07-31T20:59:00+00:00\",\"description\":\"Cyber threat hunting is a proactive approach to cybersecurity. Learn the basics of threat hunting & how to get started.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/threat-hunting\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.esecurityplanet.com\/threats\/threat-hunting\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/threat-hunting\/#primaryimage\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2019\/05\/hacker.jpg\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2019\/05\/hacker.jpg\",\"width\":670,\"height\":377,\"caption\":\"threat hunting\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/threat-hunting\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.esecurityplanet.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"What is Cyber Threat Hunting? 
Definition, Techniques &#038; Steps\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"name\":\"eSecurity Planet\",\"description\":\"Industry-leading guidance and analysis for how to keep your business secure.\",\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.esecurityplanet.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\",\"name\":\"eSecurityPlanet\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"width\":1134,\"height\":375,\"caption\":\"eSecurityPlanet\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/eSecurityPlanet\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/fe08088ba462401e4aea214869e2fc2f\",\"name\":\"Kaye Timonera\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/02\/kathryn-timonera-150x150.png\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/02\/kathryn-timonera-150x150.png\",\"caption\":\"Kaye Timonera\"},\"description\":\"eSecurity Planet and Datamation writer Kathryn Pearl Timonera has covered a wide range of industries in her career, including technology, 
cybersecurity, e-commerce, programming, aviation, finance, insurance, and business, and she managed the marketing team of a full stack development online school. After starting her career as a teacher, Kathryn now applies her talent for presenting information to technology and cybersecurity professionals.\",\"url\":\"https:\/\/www.esecurityplanet.com\/author\/ktimonera\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->"}