The expression “assume breach” has become common in the information security industry. Far too often, intrusions go undetected for extended periods of time or until an external party discovers a breach and notifies the organization.
Given the increasingly targeted and even personalized nature of attacks, network defenders must move beyond a reactive posture and instead hunt for unknown breaches. This systematic pursuit of unknown adversaries is known as threat hunting.