Understanding and Improving the Burden on Threat Hunters
2021-08-16 12:20

The report seeks to "Track the level of maturity at which analyst teams and threat hunting teams are operating." It defines maturity as the use of threat intelligence, internal threat hunting, and external threat reconnaissance.

Most threat hunting teams do some form of external threat reconnaissance, but few do it to the extent recommended by Team Cymru.

Team Cymru's premise is that cybersecurity defense is best served by a combination of internal threat hunting and external threat reconnaissance.

If we can train or acquire a greater number of natural internal threat hunters, we will not then need to find additional external threat reconnaissance personnel.

It would consequently place a lesser strain on the security budget to recruit more responders and to release the existing threat hunters to concentrate on their primary function, perhaps even providing the ability to look beyond internal threat hunting to include external reconnaissance.

The analysis of the current state of internal threat hunting portrays a discipline with huge potential for improvement, and can pinpoint indicators that can be used to improve the effectiveness of existing threat hunting teams.


News URL

http://feedproxy.google.com/~r/securityweek/~3/n6Psc-xXym4/understanding-and-improving-burden-threat-hunters