Top 10 Business Requirements for an Enterprise Cyber Threat Hunting Solution

A cyber threat hunting solution should not simply be another layer of real-time detection. There are significant differences in the goals of a real-time detection tool (like antivirus) and a pure threat hunting solution. This article explores the top ten business requirements for selecting an enterprise cyber threat hunting solution.

By Chris Gerritz, Co-founder and Chief Product Officer at Infocyte

Threat hunting—traditionally a highly specialized skillset—is now entering conversations about enterprise endpoint security. Within the realm of endpoint security, Threat Hunting Platforms complement your existing cybersecurity defenses (like EDR, EPP, AV, and UEBA) by approaching endpoint security from a different angle…

The practice of threat hunting is a proactive approach to cybersecurity, whereby a hunter forensically inspects the endpoints on your network for indications of compromise, threats (malware, ransomware, breaches, etc.) and vulnerabilities. Traditionally, it’s a very time-consuming process; however, threat hunting platforms like Infocyte HUNT have automated and simplified the process of threat hunting, enabling enterprise security teams to hunt an entire network in as little as a day.

Threat hunting solutions produce, sort, and score “leads” (threats) into suspicious activity and adversary presence. A threat hunting solution should not simply be another layer of real-time detection. There are significant differences in the goals of a real-time detection tool (like antivirus) and a pure threat hunting solution.

For example, enterprise antivirus and real-time intrusion detection solutions focus on actionable alerting of attacks in progress while minimizing false positives. Threat hunting solutions, on the other hand, focus on two things:

Post-compromise behavior and indicators of compromise (i.e. as described by MITRE ATT&CK).

Enable proactive and effective investigation into anomalies, outliers, and other suspicious activity which may have not produced an actionable, high confidence alert.

The following goals are examples tailored for a typical enterprise which has to balance budgets, time, manpower, and skills.


An ideal enterprise threat hunting solution:

Should produce, sort, and score leads into suspicious post-compromise activity or indicators.

Should enable a quick path to verify and investigate those leads to a conclusion.

Must provide answers to questions that were previously unanswerable.

Must not cause outages on the way to those answers [low business impact]

Must not take a team of engineers to support.

Must be accessible and approachable to a wide level of skill and experience.

Must be cost effective; must not take excessive resources to deploy, staff, and fund.

Must find things related to a real adversary you are likely to find in your environment.

Should provide data and conclusions useful for responding or mitigating a discovered compromise.

Should scale to the maturity of the organization.

To learn more about cyber threat hunting and request a live demonstration of Infocyte’s Threat Hunting and Incident Response Platform, Infocyte HUNT, please visit

About the Author

Chris Gerritz, a retired Air Force officer and service-disabled veteran, is a pioneer in proactive cybersecurity operations, having stood up the U.S. Air Force’s first interactive Defensive Counter Cyberspace (DCC) practice. After medically retiring from the Air Force, Chris helped co-found Infocyte and develop the leading independent Threat Hunting & Incident Response platform, Infocyte HUNT.

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2021

We are in our 9th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.