Abstract
The dynamic landscape of cyber threats constantly adapts its attack patterns, successfully evading traditional defense mechanisms and operating undetected until its objectives are fulfilled. In response to these elusive threats, threat hunting has become a crucial advanced defense technique against sophisticated and concealed cyber adversaries. However, despite its significance, there remains a lack of deep understanding of the best practices and challenges associated with effective threat hunting. To address this gap, we conducted semi-structured interviews with 22 experienced threat hunters to gain deeper insights into their daily practices, challenges, and strategies to overcome them. Our findings show that threat hunters deploy various approaches, often mixing them. They argue that flexibility in their approach helps them identify subtle threat indicators that might otherwise go undetected if using only one method. Their everyday challenges range from technical challenges to people and organizational culture challenges. Based on these findings, we provide empirical insights for improving threat-hunting best practices.
| Original language | English |
|---|---|
| Title of host publication | SEC '24 |
| Subtitle of host publication | Proceedings of the 33rd USENIX Conference on Security Symposium |
| Publisher | USENIX Association |
| Pages | 3313-3330 |
| Number of pages | 18 |
| ISBN (Electronic) | 9781939133441 |
| Publication status | Published - 12 Aug 2024 |