Connect with our team of offensive security, AI security and pen testing experts at Black Hat Europe 2023. Learn More

Connect with our team of offensive security, AI security and pen testing experts at Black Hat Europe 2023. Learn More

Managed Detection & Response

Eradicate cyberthreats with world-class intel and expertise

Managed Security Services

Expand your team’s capabilities and strengthen your security posture

Consulting & Professional Services

Tap into our global team of tenured cybersecurity specialists

Penetration Testing

Subscription- or project-based testing, delivered by global experts

Database Security

Get ahead of database risk, protect data and exceed compliance requirements

Email Security & Management

Catch email threats others miss with layered security & maximum control

Co-Managed SOC (SIEM)

Eliminate alert fatigue, focus your SecOps team, stop threats fast, and reduce cyber risk

Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
The Trustwave Approach
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Platform
SpiderLabs Fusion Center
Security Operations Centers
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
Trustwave Blog

3 Ways Your Threat Hunting Program Could Be Failing You

As a concept, threat hunting has a somewhat glitzy name and, on the surface, may appear to be a project that an organization can pull off by simply adding a couple of automatic detection tools and then tasking a few security staffers to keep an eye on the results that pour in.

Nothing could be further from the truth. In fact, to be conducted properly, threat hunting requires an integrated team of security specialists using a platform specifically designed for threat hunting.

Gartner defines threat hunting as searching for security threats by looking for traces of attackers, past and present, in an IT environment. Organizations that employ threat hunting use an analyst-centric process to uncover hidden, advanced threats missed by automated, preventative and detective controls.

However, if an organization does not handle threat hunting correctly, the information gathered will be of little use, and the defense put in place will likely be ineffective.

Here are three common ways a threat hunting program goes off track.

1. A Lack of Human Involvement

As Gartner’s definition states, threat hunting is an analyst or human-driven endeavor. The concept of threat hunting is often incorrectly defined as being centered on security teams simply detecting threats using automated tools. However, a human element must be involved when creating a successful threat hunting team.

Specifically, it’s critically important that an organization have a security staff with the experience and training to conduct threat hunting properly. The task is not something that just anyone can handle. It requires a certain mindset and level of training to do so correctly.

2. Being Passive

Threat hunting is a proactive activity conducted by security teams that combines automated tools, such as Endpoint Detection and Response (EDR), with analysts using a hands-on approach to parse through the data for adversaries and infiltration vectors they can exploit. The people in the chain must actively search through the data being gathered, looking for anomalous behavior that tools alone won’t detect. 

3. No Preparation

A team cannot simply start “threat hunting.” There are a number of preparatory actions a team must implement before the project commences. First, the team charged with protecting an organization must answer a list of questions that will help create a profile that will guide the defenders during their task.

A good threat hunting team will begin this process when it takes on a project to gather up information on the environments involved, discover what threat actors have been actively attacking such environments, determine what the attackers are looking to accomplish, and where similar organizations have been shown to be vulnerable.

The intelligence gathered through this process is used to generate a custom hunt for that customer, relying on field experience to help find where the attackers typically are and what tactics they tend to use.

Interested in learning what other attributes a good threat hunting program should have? Download our Proactive Threat Hunting Data Sheet below.



Trustwave Proactive Threat Hunting

People are at the core of threat hunting and central to the practice. Trustwave Proactive Threat Hunting combines human-driven and automated process with supported technologies in your existing environment and our purpose-built threat hunting capabilities to help you get ahead of your adversaries.


Latest Trustwave Blogs

Trustwave’s Observations on the Recent Cyberattack on Aliquippa Water Treatment Plant

The attack last week on the Municipal Water Authority in Aliquippa, Penn., that gave threat actors access to a portion of the facility’s pumping equipment has spurred the Cybersecurity &...

Read More

How Trustwave Can Assist Tribal Governments Applying for $18 Million in DHS Cybersecurity Grants

Tribal governments are among the most underserved organizations in the US when it comes to cybersecurity preparation, with threat actors striking multiple tribes with a variety of cyberattacks.

Read More

Trustwave Backs New CISA, NCSC Artificial Intelligence Development Guidelines

The U.S. Department of Homeland Security's (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom's National Cyber Security Centre (NCSC) today jointly released...

Read More