Threat Hunting

Definition

Threat hunting is the proactive search for hidden threats and attackers already present in a network, but not yet picked up by automated detection systems.

Unlike reactive incident response, threat hunting starts with a hypothesis: "what if an attacker is already present?" Threat hunters analyse logs, network traffic and system behaviour looking for subtle indicators of malicious activity.

Threat hunters use threat intelligence, TTPs (Tactics, Techniques and Procedures) from frameworks such as MITRE ATT&CK, and advanced analytics. They look for anomalies that automated systems miss.
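Hypothesis-driven hunting as described above, as an added example that is not part of the original glossary page and is not DEFION's tooling. It runs two hunts over constructed process-creation telemetry: an IOC sweep against a threat-intelligence feed (the "is a known indicator already present?" hypothesis) and frequency stacking of parent/child process pairs (the "anomalies automated rules miss" hypothesis, where the rarest pairs across the fleet become leads for an analyst). Hostnames, process names and hashes are made up for the example.

```python
"""Hypothesis-driven hunt over constructed process-creation telemetry.

Hunt 1 (IOC sweep): does any event carry a hash from the intel feed?
Hunt 2 (frequency stacking): which parent -> child process pairs are rare
across all hosts? Rare pairs are leads for analyst review, not verdicts.
"""
from collections import Counter

# Constructed sample telemetry: hosts, processes and hashes are invented.
SAMPLE_EVENTS = [
    {"host": "ws01", "parent": "explorer.exe", "child": "outlook.exe", "sha256": "aaaa01"},
    {"host": "ws02", "parent": "explorer.exe", "child": "outlook.exe", "sha256": "aaaa01"},
    {"host": "ws03", "parent": "explorer.exe", "child": "outlook.exe", "sha256": "aaaa01"},
    {"host": "ws01", "parent": "services.exe", "child": "svchost.exe", "sha256": "bbbb02"},
    {"host": "ws02", "parent": "services.exe", "child": "svchost.exe", "sha256": "bbbb02"},
    {"host": "ws03", "parent": "services.exe", "child": "svchost.exe", "sha256": "bbbb02"},
    {"host": "ws04", "parent": "winword.exe", "child": "powershell.exe", "sha256": "cccc03"},
    {"host": "ws02", "parent": "explorer.exe", "child": "updater.exe", "sha256": "dddd04"},
]

# Constructed threat-intel feed: a placeholder indicator, not a real hash.
KNOWN_BAD_HASHES = {"dddd04"}


def sweep_iocs(events, iocs):
    """Hunt 1: return every event whose file hash appears in the IOC set."""
    return [e for e in events if e["sha256"] in iocs]


def stack_parent_child(events):
    """Count how often each (parent, child) pair occurs across all hosts."""
    return Counter((e["parent"].lower(), e["child"].lower()) for e in events)


def rare_parent_child(events, max_count=1):
    """Hunt 2: pairs seen at most max_count times, mapped to the hosts involved."""
    counts = stack_parent_child(events)
    rare = {}
    for e in events:
        pair = (e["parent"].lower(), e["child"].lower())
        if counts[pair] <= max_count:
            rare.setdefault(pair, set()).add(e["host"])
    return rare


def run_hunt(events=SAMPLE_EVENTS, iocs=KNOWN_BAD_HASHES):
    """Combine both hunts into an ordered list of (reason, host, detail) leads."""
    leads = []
    for e in sweep_iocs(events, iocs):
        leads.append(("ioc_match", e["host"], f"{e['parent']} -> {e['child']}"))
    for (parent, child), hosts in sorted(rare_parent_child(events).items()):
        for host in sorted(hosts):
            leads.append(("rare_pair", host, f"{parent} -> {child}"))
    return leads


if __name__ == "__main__":
    for reason, host, detail in run_hunt():
        print(f"{reason:10} {host:6} {detail}")
```

The stacking threshold (`max_count`) is the tuning knob: in a fleet of thousands of hosts, a pair seen once or twice is usually either a one-off admin action or the thing the hunt exists to find, and the analyst decides which by pivoting into the full event context for that host.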

Organisations without their own threat hunting capability can outsource this via an MDR service. DEFION offers 24/7 managed threat hunting as part of its Active Defense.

Related terms

MDR (Managed Detection & Response)
SOC (Security Operations Center)
IOC (Indicator of Compromise)
TTP (Tactics, Techniques and Procedures)