New SANS Whitepaper Provides an In-Depth Look at Effective Threat Hunting

Bethesda, Md. – SANS Institute, the global leader in information security training, today announced a new white paper that offers a deep look into threat hunting, including what it is (and what it is not), why it is needed, and how to get started. The whitepaper was developed by SANS faculty members Rob Lee & Robert M. Lee to help organizations take a proactive approach to identifying adversaries rather than reactively waiting for an alert to go off.

The whitepaper, "The Who, What, Where, When, Why and How of Effective Threat Hunting," details the foundation for threat hunting success. For a more complete and in-depth discussion on threat hunting, SANS will host a Threat Hunting and Incident Response Summit & Training April 12 - 19 in New Orleans, LA. Summit attendees will learn hunting and response techniques and strategies from the greatest threat hunters and responders in the information security community.

Summit Chair, Rob Lee, will give attendees an exclusive sneak peek at the results of SANS' first-ever Threat Hunting Survey. Included will be data and feedback on the tools organizations are using for threat hunting; the top skills hunters need to succeed; and how threat hunting affects and is affected by security budgets.

According to Lee, "No matter how thorough an organization's security precautions might be, no network is impenetrable. Persistent and focused adversaries are already in many enterprises. They present a security challenge that requires dedicated and empowered threat hunters who know what adversaries are capable of so they can sniff them out of the network as early as possible, close the gaps and create repeatable processes that can be followed for future hunts."

To download a complimentary copy of the white paper, visit For information on the SANS Threat Hunting and Incident Response Summit & Training, or to register, visit:

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions world-wide. Renowned SANS instructors teach more than 60 courses at in-person and virtual cyber security training events and on demand. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system–the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community.