Threat Hunting Was Barely a Thing

By Chris Brenton

The little bit of information available on the topic focused on EDR and signature matching on centralized logs. When I went through the current network breach data, it was clear that these processes were not working. The chances of catching an adversary that successfully made it past your layers of protection were minimal at best.

So that year, when John Strand came to me and said, “I think we have a pretty cool tool for finding adversaries on the network” and ran me through a demo of a very early alpha version of AC-Hunter, to say I was blown away would be an understatement. In fact, I was captivated to the point that I don’t think I slept for the next 36 hours.

I feel like we’ve finally turned a corner as threat hunting is starting to go mainstream. We’ve had over 30,000 people attend our threat hunting training class. The threat hunting Discord server now has over 23,000 members with engaging and frequent conversations. NIST Special Publication 800-53 now calls out threat hunting as a requirement.

In short, the future of threat hunting is so bright we’ve included a set of shades in this issue.

Best,

Chris Brenton
