Threat Hunting Wisdom: Planning Makes Perfect

10/13/2021 | 09:42am EST
While it's important for organizations to implement a threat hunting program as soon as possible, taking time to focus efforts can enable long-term success.

Wednesday, October 13, 2021
By: Counter Threat Unit Research Team

To guard against the growing volume of increasingly sophisticated cyberthreats, it is critical that organizations add threat hunting to their defense arsenal. It's not enough to react to alerts from threat detection systems. Organizations must proactively seek and neutralize malicious activity that gets past perimeter defenses.

Some security teams rush into threat hunting with a "ready, fire, aim" approach. Deployment (firing) without focus (aiming) can lead to negative consequences:

  • Months of irreplaceable security operations staff time wasted with little to no results
  • Struggles to establish foundational threat-hunting practices with measurable outcomes
  • Failure to demonstrate business value to budget decision-makers, making it difficult or impossible to secure essential funding

By following the traditional "ready, aim, fire" approach, organizations can implement an effective threat hunting program.

Stage 1: Ready

During initial preparation, organizations should address three basic issues:

  • Instrumentation, data collection, and storage - Data gathering and analysis are central to threat hunting. These elements require appropriate infrastructure. A system such as Secureworks® Taegis™ XDR offers long-term storage, threat analytics, and the ability to ingest data from multiple sources (e.g., endpoint, cloud, network, applications).
  • Personnel, processes, and policies - Threat hunting initiatives should have a formal structure with defined roles, responsibilities, and processes. In addition to establishing workflow, communication, and escalation policies, organizations should implement a content management system for the team to easily find and share technical information. It is important to train the entire team on all processes.
  • Continuous, iterative improvement - Organizations need to develop a plan to move from the initial to desired state. That plan can be defined by success metrics, roadmaps, and established models. While plans can change and evolve, concrete milestones ensure progress.

Stage 2: Aim

Before embarking on threat hunting, organizations should decide what they're going to hunt. The following are some well-known models that organizations can use to prioritize and focus initial threat-hunting efforts, and then expand the scope as the team gains skills, data, and experience:

  • Pyramid of Pain - This popular hierarchy arranges threat indicators from the simplest to the most sophisticated. Teams can begin by focusing on basic hash values and IP addresses and later add capabilities to detect rare file hashes, IP addresses, User-Agent strings, unusual data traffic, and unapproved scripts. Being able to search on these atomic indicators through an environment is a fundamental building block for establishing a threat hunting program. As the team's skills advance, they can explore the subtleties of threat actors' tactics, techniques, and procedures (TTPs) and focus on behavior.
  • Hunting Maturity Model - This model offers metrics for tracking progress in areas such as data collection, data analysis, and automation. Teams may begin with simple internal searches and then expand their focus to data retention, customized analysis procedures, and machine learning.
  • MITRE ATT&CK® - This continually expanding knowledge base lists known threat actor TTPs. A threat hunting program's maturity can be measured by how frequently and how well the team leverages this taxonomy.

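The Pyramid of Pain bullet above describes tiers of indicators, from atomic values (hashes, IP addresses, User-Agent strings) up to behaviour. The following Python script is an added example, not code from Secureworks or from this article: it runs a tiered hunt over a handful of constructed key=value telemetry lines, matching known-bad hashes and addresses, flagging User-Agent strings seen on only one host as "rare", and finally applying one behavioural hypothesis (a document or mail client spawning a script interpreter). Every hash, address, host name and indicator list in it is a made-up placeholder; the log format, the field names and the `rare_host_threshold` parameter are assumptions for the example.

```python
import shlex
from collections import Counter

# Constructed sample telemetry (one key=value event per line). Hosts, hashes,
# addresses and user agents are made up for this example; nothing here is a real IoC.
SAMPLE_LOG = """\
ts=2021-10-13T09:01:02Z host=ws01 event=net dst_ip=203.0.113.7 user_agent="Mozilla/5.0 (Windows NT 10.0)"
ts=2021-10-13T09:01:09Z host=ws02 event=net dst_ip=198.51.100.22 user_agent="Mozilla/5.0 (Windows NT 10.0)"
ts=2021-10-13T09:02:11Z host=ws03 event=net dst_ip=192.0.2.44 user_agent="curl/7.79.1"
ts=2021-10-13T09:03:15Z host=ws01 event=proc parent=winword.exe proc=powershell.exe sha256=placeholder-hash-1
ts=2021-10-13T09:03:20Z host=ws04 event=proc parent=explorer.exe proc=notepad.exe sha256=placeholder-hash-2
ts=2021-10-13T09:04:30Z host=ws02 event=proc parent=outlook.exe proc=wscript.exe sha256=placeholder-hash-3
"""

# Placeholder indicator sets standing in for a threat-intelligence feed (constructed, not real).
KNOWN_BAD_HASHES = {"placeholder-hash-1"}
KNOWN_BAD_IPS = {"203.0.113.7"}
# Top of the pyramid: a behaviour pattern rather than an atomic value. A document or
# mail client launching a script interpreter is a common hunt hypothesis (assumed lists).
DOCUMENT_PARENTS = {"winword.exe", "excel.exe", "outlook.exe"}
SCRIPT_INTERPRETERS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def parse_events(log_text):
    """Turn key=value lines into dicts; shlex keeps quoted values (user agents) intact."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        fields = {}
        for token in shlex.split(line):
            key, _, value = token.partition("=")
            fields[key] = value
        events.append(fields)
    return events


def hunt(log_text, rare_host_threshold=2):
    """Return hits tagged with a Pyramid of Pain tier, lowest (hash) to highest (behavior)."""
    events = parse_events(log_text)
    hits = []

    # Rarity baseline: how many distinct hosts presented each User-Agent string.
    ua_hosts = {}
    for e in events:
        if "user_agent" in e:
            ua_hosts.setdefault(e["user_agent"], set()).add(e["host"])

    for e in events:
        if e.get("sha256") in KNOWN_BAD_HASHES:
            hits.append({"tier": "hash", "host": e["host"], "detail": e["sha256"]})
        if e.get("dst_ip") in KNOWN_BAD_IPS:
            hits.append({"tier": "ip", "host": e["host"], "detail": e["dst_ip"]})
        ua = e.get("user_agent")
        if ua is not None and len(ua_hosts[ua]) < rare_host_threshold:
            hits.append({"tier": "user_agent", "host": e["host"], "detail": ua})
        if e.get("parent") in DOCUMENT_PARENTS and e.get("proc") in SCRIPT_INTERPRETERS:
            hits.append({"tier": "behavior", "host": e["host"],
                         "detail": f"{e['parent']} -> {e['proc']}"})
    return hits


def tier_summary(hits):
    """Count hits per tier; as a program matures, the behavior tier should carry more weight."""
    return dict(Counter(h["tier"] for h in hits))


if __name__ == "__main__":
    found = hunt(SAMPLE_LOG)
    for h in found:
        print(f"[{h['tier']:10}] {h['host']}: {h['detail']}")
    print(tier_summary(found))
```

The atomic tiers are cheap exact matches and are the first capability a new team should have; the rarity check needs a baseline across the whole environment, which is why long-term storage matters; the behavioural rule survives an attacker changing hashes or infrastructure, which is the point of climbing the pyramid. Tracking how many hits each tier produces over time gives a simple maturity measure for the roadmap in Stage 3.
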
Stage 3: Fire

After putting operational elements in place (stage 1) and determining the initial focus (stage 2), organizations can begin threat hunting by identifying internal IT assets and investigating possible avenues of attack. From there, the team can examine risk assessments, previous incidents, penetration testing results, and threat intelligence feeds to identify additional threat-hunting use cases. A Jira-like tool can help the team adopt a kanban or scrum approach for continuous improvement.

During this stage, it's important to track threat hunts in the context of the established roadmap metrics. That tracking is ultimately how the organization will measure value and justify funding.


There's no turnkey solution for threat hunting. But taking an orderly "ready, aim, fire" approach provides the best chance for success.

View the Secureworks virtual threat hunting workshop to learn more about creating a successful threat hunting program.


SecureWorks Corp. published this content on 13 October 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 13 October 2021 13:41:08 UTC.

© Publicnow 2021