Fastest Two Minutes in SecOps: Threat hunting [Part 1] [Video]

ahnna
Staff

The “Google on SecOps” blog found on chronicle.security has moved to the Community Blog. This blog was originally published on September 12th, 2022 by Dan Kaplan. Going forward, all Google Security Operations (formerly known as Chronicle Security Operations) blogs will be published here. 

Of all the situations that can rattle even the most unflappable security operations professional, an attacker secretly lurking within their environment is probably the worst.

This is why dwell time, the period during which an adversary operates without restraint inside a corporate network before being detected and eradicated, is arguably the most critical metric by which security operations teams judge their effectiveness.

This is also why threat hunting has become such a popular, and critical, practice in which SecOps groups are investing resources, especially as more attacker entry points and pivot points emerge with the meteoric rise of cloud adoption.

Being proactive, uncovering previously unknown threats, enriching intelligence with that information, and operationalizing those findings so that your detection, triage, and response can be further automated will pay huge dividends for your defenses. But what constitutes a successful threat hunting program?

In this episode of “Fastest Two Minutes in SecOps,” Google Cloud Principal Security Strategist John Stoner introduces you to the benefits of hunting, and also offers words of caution for teams that may rush into the practice before the other competencies of their detection and response program are sufficiently built out.

In Part 2, Stoner will dispense tried-and-true advice for approaching and executing a hunt, and we’ll tell you about the tools that can make it possible. But first, enjoy Part 1 below!
