Suddenly, new market jargon “threat hunting” is spreading around under cybersecurity domain.
It is a kind of proactive measure to uncover if your environment has already been penetrated and critical info are being exfiltrated.
This kind of exercise is best executed by 3rd party periodically, because:
- If this is due to insider threat, it won’t be surfaced
- In-house workforce might have assumption for certain things that won’t go wrong
- Periodic check is for assurance because the threat hunting only spots situation at a particular point in time and its past, it cannot predict the future
A more holistic approach is to augment this threat hunting exercise with workforce and business process strengthening to identify vulnerabilities for effective risk reduction.