Unveiling the Hunter-Gatherers: Exploring Threat Hunting Practices and Challenges in Cyber Defense

Authors: 

Priyanka Badva, Kopo M. Ramokapane, Eleonora Pantano, and Awais Rashid, University of Bristol

Abstract: 

The dynamic landscape of cyber threats constantly adapts its attack patterns, successfully evading traditional defense mechanisms and operating undetected until its objectives are fulfilled. In response to these elusive threats, threat hunting has become a crucial advanced defense technique against sophisticated and concealed cyber adversaries. However, despite its significance, there remains a lack of deep understanding of the best practices and challenges associated with effective threat hunting. To address this gap, we conducted semi-structured interviews with 22 experienced threat hunters to gain deeper insights into their daily practices, challenges, and strategies to overcome them. Our findings show that threat hunters deploy various approaches, often mixing them. They argue that flexibility in their approach helps them identify subtle threat indicators that might otherwise go undetected if using only one method. Their everyday challenges range from technical challenges to people and organizational culture challenges. Based on these findings, we provide empirical insights for improving threat-hunting best practices.

BibTeX
@inproceedings {299792,
author = {Priyanka Badva and Kopo M. Ramokapane and Eleonora Pantano and Awais Rashid},
title = {Unveiling the {Hunter-Gatherers}: Exploring Threat Hunting Practices and Challenges in Cyber Defense},
booktitle = {33rd USENIX Security Symposium (USENIX Security 24)},
year = {2024},
isbn = {978-1-939133-44-1},
address = {Philadelphia, PA},
pages = {3313--3330},
url = {https://www.usenix.org/conference/usenixsecurity24/presentation/badva},
publisher = {USENIX Association},
month = aug
}