A SANS’s 2024 Threat-Hunting Survey Review

June 4, 2024 at 05:16PM

The 2024 SANS Threat Hunting Survey reveals a rise in organizations adopting formal threat-hunting processes, reflecting a standardized approach in cybersecurity strategies. The survey's participants span various industries and organization sizes, showcasing the multifaceted nature of threat hunting. Prevalent cyber threats include business email compromise (BEC) and ransomware, prompting evolving threat-hunting practices and planned investments in AI and ML.

The SANS 2024 Threat Hunting Survey reviews the growing maturity of threat-hunting methodologies, marked by an increase in organizations adopting formal processes despite challenges like skill shortages and tool limitations. The survey attracted participants from various industries, with cybersecurity leading at 15% and the manufacturing sector accounting for 9%. The survey found business email compromise (BEC) and ransomware to be prevalent and significant cyber threats, with evolving tactics, techniques, and procedures (TTPs) employed in different attack scenarios. Organizations have evolved their threat-hunting practices, with over half adopting clearly defined methodologies and a decrease in those without formal methodologies. The chief information security officer (CISO) is significantly involved in developing threat-hunting methodologies in 40% of cases. Benefits of better threat-hunting efforts include improved endpoint security and reduced remediation resources. The survey also highlights a significant planned investment in both staff and tools in the next 24 months, emphasizing the strategic importance of threat hunting.
