Interactive Courses + DFIR NetWars Available During SANS Cyber Security Central in June. Save $300 thru 5/12.


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

SANS 2020 Threat Hunting Survey Results

  • Tuesday, December 15, 2020 at 10:30 AM EST (2020-12-15 15:30:00 UTC)
  • Mathias Fuchs, Joshua Lemon


  • Analyst1
  • Anomali
  • BlackBerry
  • Cisco Systems
  • Corelight
  • DomainTools
  • Secureworks
  • Sophos Inc.
  • Swimlane
  • ThreatQuotient

You can now attend the webcast using your mobile device!



According to past SANS surveys, many organizations aren't hunting for threats before they become incidents. This year's SANS Threat Hunting Survey looks at why that is and how security departments can reap the benefits of proactive hunting. For example: 

  • How do hunters conduct their searches for signs of a threat or indicators of compromise not yet detected by other security systems? 
  • Are they regularly checking on known threats targeting misconfigurations and other vulnerabilities? 
  • Do they find value in looking for totally unknown attack types? 
  • What type of access do hunters have to detection and response teams and for what purposes? 
  • Does their automation match with what the human operators need to assist in their hunts? 

Click here to register for a panel discussion involving the authors and sponsor representatives on Friday, December 18, 3:30 (ET) to learn more about how your organization can use these survey results to improve your threat hunting.

View the associated survey results here.

Speaker Bios

Mathias Fuchs

Mathias Fuchs, a certified instructor for SANS FOR508: Advanced Digital Forensics, Incident Response, and Threat Hunting, is head of cyber defense at InfoGuard AG, where he is actively engaged in building the incident response (IR) practice. In that role he uses his knowledge to shape his team; develop the necessary forensic, IR and threat hunting capabilities; and proactively mediate security vulnerabilities that would be more difficult to manage later. Prior to joining InfoGuard, Mathias was a principal consultant at Mandiant, where he led large-scale cybersecurity investigations. He also was the lead security architect at T-Systems and a security consultant for international clients in a variety of industries.

Joshua Lemon

Josh Lemon is a certified instructor for the SANS FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics and the SANS FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response courses. He is a Managing Director at Ankura, leading their digital forensics and incident response practice in Australia, where he assists government and commercial clients with sophisticated compromises and threat hunting. Josh’s experience in cybersecurity includes project management, threat hunting, IR, forensic analysis, reverse engineering, penetration testing, secure network design and software development. He holds GREM, GCFA, GDAT, GNFA, GCIH, GPEN, GPYC certifications.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.