The key focus of most cyber threat defense and response programs is achieving an effective and efficient threat hunting capability. Organizations are investing significant effort and money in building the required competency and infrastructure.
The threat hunting approach thus combines the intuitive and analytical ability of the human analyst with the insights provided by tools that use statistical methods, data modeling, machine learning, and artificial intelligence.
The rule-based threat detection approach has several limitations: it is static, i.e. detection relies on a pre-defined threshold value; it struggles to process data in high-throughput scenarios; and computing resources must grow exponentially as the number of rules increases. Threat hunting effectively complements the rule-based approach by addressing these limitations.
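To make the static-threshold limitation concrete, here is an added illustration (not code from the original article) contrasting a fixed-threshold rule with a per-host statistical baseline over constructed hourly failed-logon counts; the hostnames, counts and the threshold value are invented for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data (not from any real environment):
# (host, hour_index, failed_logon_count)
EVENTS = [
    # srv-a: a noisy service account, steady ~40 failures/hour, then a spike
    *[("srv-a", h, c) for h, c in enumerate([38, 42, 40, 39, 41, 40, 43, 52], start=1)],
    # ws-b: a quiet workstation, ~2 failures/hour, then a jump that stays under 50
    *[("ws-b", h, c) for h, c in enumerate([1, 2, 3, 2, 1, 2, 12], start=1)],
]

STATIC_THRESHOLD = 50  # the kind of fixed value a rule-based detection ships with


def static_rule(events, threshold=STATIC_THRESHOLD):
    """Rule-based detection: alert whenever a count exceeds one fixed threshold."""
    return [(host, hour, count) for host, hour, count in events if count > threshold]


def baseline_alerts(events, window=6, zmin=3.0, min_stdev=1.0):
    """Per-host statistical baseline: alert when a count sits more than `zmin`
    standard deviations above that host's preceding `window` observations.
    `min_stdev` floors the deviation so a flat history does not turn every
    tiny change into a huge z-score (and avoids division by zero)."""
    history = defaultdict(list)
    alerts = []
    for host, hour, count in sorted(events, key=lambda e: (e[0], e[1])):
        past = history[host]
        if len(past) >= window:
            recent = past[-window:]
            z = (count - mean(recent)) / max(pstdev(recent), min_stdev)
            if z >= zmin:
                alerts.append((host, hour, count, round(z, 1)))
        past.append(count)
    return alerts


if __name__ == "__main__":
    # The static rule sees only srv-a's spike; the baseline also catches
    # ws-b's six-fold jump, which never comes near the fixed threshold.
    print("static rule:", static_rule(EVENTS))
    print("baseline:   ", baseline_alerts(EVENTS))
```

The baseline is deliberately simple (mean and population standard deviation over a short window); it is the per-entity, adaptive comparison that matters here, not the particular statistic.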