Unveiling the Hunter-Gatherers: Exploring Threat Hunting Practices and Challenges in Cyber Defense

Research output: Chapter in Book/Report/Conference proceeding - Conference Contribution (Conference Proceeding)

Abstract

The dynamic landscape of cyber threats constantly adapts its attack patterns, successfully evading traditional defense mechanisms and operating undetected until its objectives are fulfilled. In response to these elusive threats, threat hunting has become a crucial advanced defense technique against sophisticated and concealed cyber adversaries. However, despite its significance, there remains a lack of deep understanding of the best practices and challenges associated with effective threat hunting. To address this gap, we conducted semi-structured interviews with 22 experienced threat hunters to gain deeper insights into their daily practices, challenges, and strategies to overcome them. Our findings show that threat hunters deploy various approaches, often mixing them. They argue that flexibility in their approach helps them identify subtle threat indicators that might otherwise go undetected if using only one method. Their everyday challenges range from technical challenges to people and organizational culture challenges. Based on these findings, we provide empirical insights for improving threat-hunting best practices.
Original language: English
Title of host publication: SEC '24
Subtitle of host publication: Proceedings of the 33rd USENIX Conference on Security Symposium
Publisher: USENIX Association
Pages: 3313-3330
Number of pages: 18
ISBN (Electronic): 9781939133441
Publication status: Published - 12 Aug 2024
