(To download the 2021 Threat Hunting Report, please complete form at right.)

Threat hunting continues to evolve as an innovative cybersecurity tactic that focuses on proactively detecting and isolating Advanced Persistent Threats (APTs) that might otherwise go undetected by traditional, reactive security technologies.

While many SOCs struggle to cope with the rising security threat workload, more organizations are adopting threat hunting as part of their security operations. They discover that proactive threat hunting can reduce the risk and impact of threats while improving defenses against new attacks.
The 2021 Threat Hunting Report explores the challenges, technology preferences, and benefits of threat hunting to gain deeper insights into the maturity and evolution of the security practice.

Key findings include:

• More than half of respondents (51%) identified reducing exposure to internal threats as their top threat hunting goal. This is followed by reducing the number of breaches and infections (45%) and reducing the attack surface (43%).
• The most common attacks that organizations proactively discover include malware (76%), phishing (71%), network intrusions (46%), and ransomware (41%).
• The top data sources that organizations collect and analyze for threat hunting purposes include endpoint activities (72%), system logs (71%), and firewall traffic (69%).
• 68% of organizations at least occasionally develop insights into adversary infrastructures as part of their threat hunting activities. However, only 21% of organizations are fully focused on gaining these insights.
• Organizations need to collect data from multiple sources to add context to their threat hunting activities. The most common data sources include external threat intelligence feeds (56%), user behavior data (56%), and file activity data.

We would like to thank LookingGlass for supporting this important research.