


Threat Hunting-Modernizing Detection Operations: The SANS 2017 Threat Hunting Survey Results | Part 1

  • Wednesday, April 26, 2017 at 1:00 PM EDT (2017-04-26 17:00:00 UTC)
  • Zach Hill, Travis Farral, Rob Lee, Ely Kahn


  • Anomali
  • DomainTools
  • Malwarebytes
  • Rapid7 Inc.
  • Sqrrl Data, Inc.
  • ThreatConnect




In this webcast, SANS will release results of its second annual Threat Hunting Survey. According to our previous survey on this topic, the 2016 SANS Survey on Threat Hunting, 86% of IT departments utilized threat hunting, although only 40% had any formal threat hunting program, and 88% said their threat hunting programs needed to be improved.

Have threat-hunting programs been formalized over the past year? And if so, to what degree? Is hunting being used more proactively than in 2016? Rather than relying on indicators of compromise to start a hunt, are hunters proactively searching for the unknown?

This webcast, the first of a two-part report on the SANS Threat Hunting Survey, will look at the current state of threat-hunting programs and how they have changed in the past year. In it, attendees will learn:

  • How regularly respondent organizations hunt for threats
  • Whether respondents have been more successful at hiding their hunts from adversaries
  • What improvements they've made in the time it takes to hunt for threats
  • How they utilize their hunting information (prevention, response, improved risk posture)
  • What inhibitors hold organizations back from achieving proactive, continuous threat hunting

Click here to be among the first to receive access to the full survey results paper, developed by SANS Fellow Rob Lee and published in association with the SANS Threat Hunting and Incident Response Summit.

Click here to register for the second part of the two-part results webcast on Thursday, April 27, 2017. That webcast will focus on the skills required for threat hunters, along with best practices, tools and threat intelligence feeds that make up the hunting ecosystem.

Speaker Bios

Rob Lee

Rob Lee is the curriculum lead and author for digital forensic and incident response training at the SANS Institute. With more than 15 years of experience in computer forensics, vulnerability and exploit discovery, intrusion detection/prevention and incident response, he provides consulting services in the Washington, D.C. area. Before starting his own business, Rob worked with government agencies in the law enforcement, defense and intelligence communities as a lead for vulnerability discovery and exploit development teams, a cyber forensics branch, and a computer forensic and security software development team. He also worked for a leading incident response service provider and co-authored Know Your Enemy: Learning About Security Threats, 2nd Edition.

Travis Farral

Travis Farral is the director of security strategy for Anomali. With over 20 years of security industry experience, he has developed a strong background in threat intelligence, incident response and industrial control systems security. Previously Travis ran the Cybersecurity Intelligence & Strategic Services team at ExxonMobil and spent several years at companies such as Nokia and XTO Energy.

Zach Hill

Zach Hill is the Director of Sales at DomainTools and has over 15 years of business strategy and enterprise sales experience. At DomainTools, he helps clients achieve their goals for utilizing threat intelligence in their security operations. He believes in empowering analysts by giving them valuable context on threats and moving them to a more proactive security posture via threat hunting. With a laser focus on customer needs, Zach helps define the DomainTools suite of security products including Iris and PhishEye.

Ely Kahn

Ely Kahn is co-founder and VP of Business Development for Sqrrl. Previously, Ely served in a variety of positions in the federal government, including director of cybersecurity at the National Security Staff in the White House, deputy chief of staff at the National Protection Programs Directorate in the Department of Homeland Security, and director of risk management and strategic innovation in the Transportation Security Administration. Before his service in the federal government, Ely was a management consultant with Booz Allen Hamilton. He has a BA from Harvard University and an MBA from the Wharton School at the University of Pennsylvania.
