Does your organisation have a formalised threat hunting programme? If so - what were the key drivers for you in setting one up and what made it successful? If not - what is stopping you from setting this up?

Awareness & Training Threat Intelligence & Incident Response

681 views2 Comments

Sort by:

CISO in Softwarea month ago

The first question to ask is whether you are ready with the data lake, resources and time to invest in this space. Not all companies can make this investment internally and are often best working with an external provider to explore this space as a project.

Chief of Information Security in Energy and Utilitiesa month ago

If you have an IR retainer, I'd evaluate their threat hunting service. This usually provides 24/7 threat hunting at the cost of 1-2 FTE (e.g., CrowdStrike Overwatch). If you wish to build your team, consider your ability to attract and retain skilled staff while providing 24/7 coverage.

Content you might like

How valuable to maintaining Linux system version and configuration consistency 100% of the time is a sys admin being able to see the aggregate compliance of a group of system?

Highly Valuable25%

Moderately Valuable48%

Not valuable at all26%

View Results

When applying a patch, how valuable to reducing regressions is this if a system administrator has visibility into only the Linux systems they own/manage that are in violation of company compliance policies?

Highly Valuable28%

Moderately Valuable69%

Not at all Valuable3%

View Results

What tools/services do you use for CTEM (continuous threat exposure management)?

What’s your “hot take” when it comes to security questionnaires?

How are you making sure the security team has visibility into social engineering attempts on helpdesk staff, especially with attacks using voice impersonation or other deepfake techniques?