Threat hunters are fighting with added urgency in 2025, as a yearslong spike in attackers utilizing new tactics is adding fuel to the security fire. In 2024, according to Rapid7, ransomware attacks were up for the third year in a row, and this year is expected to continue the trend. It’s a dangerous world out there for security teams—even as ransom payments saw a decline, as Verizon found.
Mike Mitchell, Intel 471 VP of threat hunt intelligence, told IT Brew that the security industry subsector is in a good position in 2025. He stressed the importance of continuing to get in front of the danger rather than falling behind.
“We’re seeing a lot of these actors and threats being able to persist and maintain access by hiding in plain sight, using things that aren’t easily detectable,” Mitchell said. “And so we try to proactively hunt for those behaviors.”
Target practice. According to Team Cymru’s “Voice of a Threat Hunter 2024” report, 49% of those surveyed said they were victims of a breach; 72% of those respondents noted that threat hunting teams helped prevent or mitigate the attack. In order to improve their outcomes, Team Cymru said, organizations need to access better tools—like threat hunting.
Ryan Fetterman, Splunk Surge security strategist, told IT Brew that he was skeptical of that usage of threat hunting. Threat mitigation is a more reactive approach to security than threat hunting, which is more proactive and aimed at exploring the threat surface.
“The intention of threat hunting is still the same: You still are going in with the purpose of finding undetected security incidents,” Fetterman said. “But that’s a bad measuring stick for defining your success, because there’s obviously no guarantee that there are undetected attackers in your network or incidents to find.”
Different strokes. It’s unclear how seriously threat hunting is being taken at the federal level. In April, the US Cybersecurity and Infrastructure Security Agency told staffers it was discontinuing the use of two relevant threat hunting tools, Censys and Google’s VirusTotal.
But the private sector is paying attention. In the past, threat hunting firms and vendors would have to start by educating organizations on the benefits of deploying the tactic. Today, threat hunting is a well-known quantity; the tooling is often in place for hunters to get working. And the education they share now is about how threat actors operate.
“You sit in front of those tools and start to dig into the data, become the subject matter experts on that infrastructure, that organization, the security policies, the skeletons in the closet, the networks that are kind of off in no-man’s-land doing XYZ,” Mitchell said. “Those threat hunters end up educating themselves and again become that source of truth.”
Going forward, threat hunting will continue to be a part of the security posture. And Fetterman noted that mainstream acceptance goes a long way—but with technology moving fast, particularly AI, the state of the security industry subsector remains fluid.
“It’s in a good place where it’s kind of gotten mainstream adoption, and organizations know that it’s important and that it should be part of their security program,” Fetterman said. “But I also think it’s very much in flux at the moment.”
Locked in. Whether or not AI is part of threat hunting for 2025, Mitchell said the tactic will continue to pay off for organizations.
“Threat hunting really helps with that risk and prioritization conversation,” Mitchell said. “Risk is the million-dollar word for C-level folks, CISOs of organizations. You have to define your risk, and you need to protect against that risk.”