Skip to content
Censys Search Teams: Industry-leading internet intelligence for growing security teams and organizations | Learn More
Blogs

Key Insights from The 2024 State of Threat Hunting Report

What’s really on the minds of today’s threat hunters?

That’s what our new 2024 State of Threat Hunting Report set out to uncover. The report surveyed 200+ cybersecurity professionals with threat hunting titles from various industries across North America and Europe. We asked about everything from how often they engage in threat hunting exercises, to the tools they use, to the biggest challenges they’re up against.

Their responses paint a picture of a discipline with much opportunity: opportunity to coalesce around more standard practices, opportunity to leverage better tools and intelligence, and opportunity to benefit from more support from their organizations. Though opportunity still abounds, encouragingly nearly half of threat hunters say that the job has become easier in recent years.

Let’s get into some of the top takeaways from their responses.

Interested in the full report? Snag your copy here.

Key Insights

1. The majority of threat hunters are using AI, and finding it very useful

Though our report finds that the majority of threat hunters are still using traditional security monitoring tools, that doesn’t mean they’ve turned a blind eye to all new tech. Most say they’re also making use of AI-based tools in their threat hunting efforts, and finding them very helpful. On average across geographic regions, only 7% of respondents say they didn’t use any AI-based threat hunting tools within the last year. Of the 93% that did leverage AI, 74.8% said that they found the tools “very helpful.”

2024 State of Threat Hunting Report - AI-Based Tools Chart

There are many ways that threat hunters might be using these AI-based tools. In particular, we know that over half of our respondents say that their threat hunts are triggered by irregularities detected by AI-powered tools. AI-based tools can also be used to generate automated threat hunting queries, analyze threat intelligence feeds, and identify patterns and IOCs. Threat hunters that use Censys Search can use its AI-powered CensysGPT feature to translate natural language or competitor queries into Censys Search queries.

2. False positives and unknown assets pose formidable challenges

Our reporting finds that false positives and unknown assets are making the job of the threat hunter even more challenging.

False positives: All respondents say they encounter at least some false positives, but the greatest percentage are finding that between 6% and 20% of their results are inaccurate. Almost one-third of respondents are finding that over 20% of their results are false positives. This reflects considerable unproductive effort as threat hunters waste valuable time and resources investigating benign activity. Threat hunters who frequently encounter false positives also risk alert fatigue, and as a result overlook true positives that actually pose a threat to their organization.

2024 State of Threat Hunting Report False Positives Chart

Unknown assets: To do their jobs well, threat hunters need a full understanding of the organization’s attack surface. Which assets might adversaries target? Where do we have exposures? In the process of identifying the full attack surface during threat hunting, the majority of respondents always or frequently discover previously unknown assets. That is, assets that are tied to the organization’s network, but which the security team isn’t aware of. Think: Shadow IT. This highlights the pervasive risk of these unauthorized or forgotten connections, and underscores the need for more accurate and continuous Attack Surface Management. Organizations without automated ASM solutions can inadvertently push the important work of discovering unknown assets into the laps of their threat hunting teams, and add to their already busy workloads.

3. Soft skills matter, but are lacking

Threat hunters could use help communicating to various stakeholders about threat hunting results that negatively impact the organization. Across stakeholders, threat hunters say they are most comfortable sharing negative news with their direct managers. This isn’t surprising given that threat hunters likely have more established relationships with these leaders and benefit from a shared technical foundation. That said, only 68% of respondents say they are “fully confident” communicating with their managers.

Communication confidence drops off for other stakeholder groups. Less than 50% of respondents feel “very confident” reporting negative findings to stakeholders in legal or public relations roles and more respondents selected “minimally confident” or “not confident at all” for this group of stakeholders than for any other.

2024 State of Threat Hunting Report Communication Chart

These stakeholders arguably have the greatest need to understand a threat’s potential impact to the organization. Yet, it’s likely for this very reason that threat hunters feel less confident communicating with these stakeholders. Understanding the scope and potential impact of a threat is a critical need for stakeholders across the business, and gaps here can have wide-ranging consequences.

Explore more findings

Get your copy of The 2024 State of Threat Hunting Report for more insight into:

  • The three things threat hunters say would make their jobs easier
  • How many threat hunters say they are close to burnout
  • The automated tools threat hunters are, and are not, using
  • And more!

Read Full Report

About the Author

Rachel Hannenberg
Content Marketing Manager
As the Content Marketing Manager at Censys, Rachel Hannenberg focuses on creating content that engages and informs the Censys community. Rachel has worked in marketing content strategy for nearly a decade, including at B2B SaaS companies and in higher education.

Similar Content

Back to Resources Hub
Attack Surface Management Solutions
Learn more