Class 33 Read: Threat Hunting with Security Onion - taylortommy23/401-Reading-Notes GitHub Wiki
How are Threat Hunting and Pentesting different?
- Threat Hunting: Actively looks for signs of compromise in systems before any alert triggers.
- Pentesting: Simulates attacks to find vulnerabilities in defenses.
What is the primary objective of Threat Hunting?
- To find potential security breaches before they become serious.
Your organization has a fully functioning SOC but not active Threat Hunting. How would you advocate for your security organization to start Threat Hunting activities?
- By explaining that Threat Hunting is proactive rather than waiting for alerts; showing that studies find current methods such as log analysis are weak; pointing out that breaches are often discovered by third parties rather than the organization itself; and proposing Threat Hunting as a solution supported by examples and evidence.
References
https://www.activecountermeasures.com/what-is-threat-hunting-and-why-is-it-so-important-video-blog/