Threat Hunting

Category: Security Operations

Definition

Threat hunting is the proactive search for threats or suspicious activity within an organization's environment that may have evaded automated detection systems.

Examples

  • A security analyst investigates unusual outbound traffic patterns to determine if a system has been compromised.
  • Threat hunters identify signs of lateral movement across servers that were missed by the intrusion detection system.

Overview

Threat hunting is a proactive cybersecurity practice focused on identifying threats that may have bypassed traditional detection tools like antivirus, firewalls, or SIEM alerts. Rather than waiting for alarms to be triggered, threat hunters actively search for signs of compromise, suspicious behavior, or stealthy attackers already operating within the environment.

The goal of threat hunting is to uncover hidden threats early — before they cause serious damage — by using human intuition, knowledge of attacker behavior, and deep analysis of data collected across the organization. This approach is particularly useful for detecting advanced persistent threats (APTs), insider threats, and novel attack techniques that signature-based tools may miss.
