Threat Hunting vs Detection Engineering

The threat hunting process proactively develops investigative analyses based on a hypothesis that assumes a successful, undetected breach. By doing so, it can identify active threats in the environment that have evaded the current security controls. This process provides input to the detection engineering program, because each hunt can expose deficiencies in existing detections. The data available to detection engineering is typically the same data that threat hunters utilize, so threat hunting can also identify deficiencies in the existing data collection infrastructure that will need to be solved and integrated with the detection infrastructure. [1]
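As an added illustration (not from this note or the cited book), the script below models the feedback loop just described on constructed sample telemetry: a hunt analytic, the hypothetical production rule it is measured against, and a check for telemetry fields the hunt needs but the collection pipeline never delivers. The event fields, the `REQUIRED_FIELDS` table and both rules are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample telemetry (not real data): two endpoint events, two proxy events.
EVENTS = [
    {"source": "edr", "host": "ws01", "parent": "winword.exe",
     "process": "powershell.exe", "cmdline": "-nop -w hidden -enc <constructed>"},
    {"source": "edr", "host": "ws02", "parent": "explorer.exe",
     "process": "powershell.exe", "cmdline": "Get-Date"},
    {"source": "proxy", "host": "ws03", "dest": "203.0.113.9", "bytes_out": 5_000_000},
    {"source": "proxy", "host": "ws04", "dest": "198.51.100.4", "bytes_out": 1_200},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}

def existing_detection(event):
    """Hypothetical rule already in production: it only alerts on PowerShell
    that downloads content, so it has a blind spot the hunt will expose."""
    return event["source"] == "edr" and "DownloadString" in event["cmdline"]

def hunt_office_spawned_powershell(event):
    """Hunt analytic for the hypothesis 'a user already opened a malicious
    document and the resulting PowerShell child was never alerted on'."""
    return (event["source"] == "edr"
            and event["parent"].lower() in OFFICE_APPS
            and event["process"].lower() == "powershell.exe")

# Fields each hunt needs, per data source (assumed). The proxy hunt needs a
# user_agent field that the constructed proxy feed does not carry.
REQUIRED_FIELDS = {"edr": {"host", "parent", "process", "cmdline"},
                   "proxy": {"host", "dest", "bytes_out", "user_agent"}}

def data_gaps(events, required=REQUIRED_FIELDS):
    """Fields a hunt needs that the collected telemetry never delivers."""
    seen = defaultdict(set)
    for e in events:
        seen[e["source"]].update(e)          # set.update on a dict adds its keys
    return {src: sorted(fields - seen[src]) for src, fields in required.items()
            if fields - seen[src]}

def review(events):
    """Run the hunt and turn its results into input for detection engineering."""
    findings = [e["host"] for e in events if hunt_office_spawned_powershell(e)]
    # A hunt hit that the production rule does not fire on is a detection gap.
    detection_gaps = [e["host"] for e in events
                      if hunt_office_spawned_powershell(e) and not existing_detection(e)]
    return {"findings": findings, "detection_gaps": detection_gaps,
            "data_gaps": data_gaps(events)}

if __name__ == "__main__":
    print(review(EVENTS))
```

Running it reports ws01 as both a hunt finding and a detection gap, and flags the missing proxy `user_agent` field as a data collection gap to fix before that hunt can become a detection.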

  1. M. Roddie, J. Deyalsingh, and G. J. Katz, Practical Threat Detection Engineering: A Hands-on Guide to Planning, Developing, and Validating Detection Capabilities. Packt Publishing, 2023.