Cybersecurity Insiders just released the results of their survey about threat hunting practices. The results confirm that security professionals generally think threat hunting is a good idea and wish their organizations were doing more proactive threat hunting than they currently are.
The results also highlighted a divide, or lack of clarity, in the definition of the term "threat hunting" itself. In the Cybersecurity Insiders survey, 52% of respondents indicated that their threat hunting efforts were primarily proactive (commencing before any threat is detected) and 48% indicated a reactive approach (in response to a new or ongoing incident).
Moreover, 59% of respondents indicated Automatic Threat Detection as the most important feature for a threat hunting tool. This indicates that the respondent pool holds widely varying views of what kind of activity can be considered "threat hunting" versus investigation, incident response, and other related activities.