In an era where cybersecurity is a paramount strategic priority for enterprises, SANS Institute's 2024 Threat Hunting Survey provides an in-depth exploration of how threat hunting practices are evolving to address the complexities of a rapidly changing threat landscape. For this annual survey, now in its ninth year, SANS canvassed organizations worldwide to assess their threat hunting activities over the previous year and gather insights on potential future trends.
Increased Formalization and Methodology Adoption
A significant highlight from this year's findings is the marked increase in organizations that have formally established their threat hunting methodologies, with the number rising from 35% in the previous year to 51% in 2024. This uptrend represents a strategic shift toward standardizing processes aimed at improving threat detection and enhancing incident response capabilities. The trend towards formalization not only reflects a maturing industry but also shows that enterprises are recognizing and implementing structured threat hunting as a critical component of their cybersecurity defenses. This structured approach is increasingly seen as essential for developing a proactive defense mechanism that can effectively counteract the sophistication of modern cyber threats.
Challenges and Solutions in Skilling and Tools
While progress is evident, the survey continues to highlight enduring challenges, notably the shortage of skilled cybersecurity professionals and ongoing issues with the quality of data and tools. The gap in skilled personnel, although reduced from 73% in 2023 to 50% in 2024, remains a significant obstacle for many organizations. To counter these challenges, an increasing number of organizations have taken the initiative to conduct their own bespoke research, aiming to develop customized threat intelligence solutions that cater specifically to their unique operational needs. This shift demonstrates a proactive strategy in building internal competencies and adapting to tool limitations, thereby enhancing overall threat intelligence capabilities.
Outsourcing Trends and Their Implications
Further insights from the survey reveal a growing trend towards outsourcing threat hunting tasks, with 37% of organizations now leveraging external services for this function. While outsourcing can provide rapid scalability and access to specialized expertise, it also introduces potential risks, including misalignment with an organization’s unique systems and the broader threat landscape, as well as challenges related to data governance and control. This reliance on external providers underscores the need for enterprises to maintain a balanced approach, ensuring that outsourced services are seamlessly integrated with internal security objectives and align with corporate strategies to avoid gaps in security coverage.
Measuring Success and Strategic Alignment
Encouragingly, there is a significant uptick in the number of enterprises measuring the effectiveness of their threat hunting efforts—64% in 2024 compared to 34% in the previous year. This increasing focus on metrics highlights a broader acknowledgment of the importance of quantifiable outcomes in refining security postures and aligning cybersecurity efforts with business objectives. Although most organizations report positive outcomes from their threat hunting initiatives, the survey points to a continuous need for refining these strategies to optimize their effectiveness and ensure they deliver measurable improvements in security.
Continuous Evolution and Integration
As cyber threats evolve, so must the strategies to combat them. The SANS survey points to a trend of frequent reviews and updates to threat hunting methodologies, with many organizations adjusting their approaches as needed or on a regular basis. This adaptability is crucial for keeping pace with adversaries and effectively managing the complexities of modern enterprise environments.
The 2024 SANS Threat Hunting Survey underscores the indispensable role of enterprise threat hunting within the contemporary cybersecurity ecosystem. As organizations grow increasingly aware of the benefits of proactive threat detection and tailored intelligence, the integration of sophisticated threat hunting strategies into broader cybersecurity frameworks is not only recommended but essential. By employing skilled personnel, adopting standardized methodologies, and committing to continuous improvement, enterprises are better equipped to anticipate, respond to, and mitigate emerging threats, thus safeguarding their operations against the unpredictable and chaotic nature of the cyber world.
If you would like to learn more about the threat hunting survey’s findings, download the report here and watch the webcast here.
And if you are interested in learning more about threat hunting or increasing your DFIR skills, sign up for a free demo of the SANS Threat Hunting courses, FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics and FOR608: Enterprise-Class Incident Response & Threat Hunting.