ThreatQuotient-sponsored SANS study of Threat Hunting

ThreatQuotient, a pioneer in the security operations platform market, today announced the results of the SANS Threat Hunting 2019 study.

The study, sponsored by ThreatQuotient and conducted by SANS is, based on data collected from 575 participating companies that either work with or operate their own threat hunting teams.

Unlike the Security Operations Center (SOC) and Incident Response (IR) teams, threat hunters not only respond to network threats, they proactively search for them. This involves making hypotheses on the existence of potential threats, which are then either confirmed or disproven on the basis of collected data.

Markus Auer, Regional Sales Manager CE at ThreatQuotient, said: “However, the reality within corporate IT is often different. In many teams, the distinction between SOC, IR and threat hunting is too blurred, and threat hunters are used for reactive processes contrary to their actual role.”

The SANS study data confirms that most threat hunters react to alerts (40%) or data such as indicators of compromise from the SIEM (57%). Only 35% of participants say that they work with hypotheses during threat hunting – a process that should be part of the arsenal of every threat hunter. “Responding to threats is important for security, but it is not the main task of the threat hunter. They should be looking for threats that bypass defenses and never trigger an alert,” Auer emphasizes.

The fact that threat hunting is still in its infancy is evident based on suboptimal prioritization of resources. “Many companies are still in the implementation phase and are more willing to spend money on tools than on qualified experts or training existing employees to be threat hunters,” says Mathias Fuchs, Certified Instructor at SANS and co-author of the study. “When threat hunting is carried out, it is more of an ad hoc approach than a planned program with budget and resources.”

For more news visit here.

About Security Buyer

Security Buyer is the leading authority in global security content, delivering expert news, in-depth articles, exclusive interviews, and industry insights across print, digital, and event platforms. Published 10 times a year, the magazine is a trusted resource for professionals seeking updates and analysis on the latest developments in the security sector.

To submit an article, or for sponsorship opportunities, please contact our team below.

Rebecca Spayne picture 2025

Rebecca Spayne

Managing
EDITOR

Georgina Turner image

Georgina Turner

Sales
Manager

Afua Akoto image - Security Buyer

Afua Akoto

Marketing Manager

Read the Latest Issue

Follow us on X

Follow us on X

Click Here

Follow us on LinkedIn

Follow us on LinkedIn

Click Here

Advertise here

Reach decision makers and amplify your marketing

Advertise here

Click Here

Related News

Markus Auer

ThreatQuotient-sponsored SANS study of Threat Hunting

ThreatQuotient, a pioneer in the security operations platform market, have announced the results of the SANS Threat Hunting 2019 study
Ned Baltagi

SANS announces its biggest ever Gulf Region Cyber Security Training Event in Dubai

SANS Institute, the world leader in cyber security training and certification, returns to Dubai in November with its biggest yet Gulf Region event
SANS

SANS Dubai 2019 helping to develop strong talent to address region’s cyber security skills shortage

SANS Institute has announced that it is holding its next renowned immersion-style Cyber Security Training program in Dubai.
Scroll to Top