* [Blog](https://www.paloaltonetworks.com/blog)
* [Security Operations](https://www.paloaltonetworks.com/blog/security-operations/)
* [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/)
* Exploring the Art and Sci...

# Exploring the Art and Science of Threat Hunting with Oded Awaskar

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fexploring-the-art-and-science-of-threat-hunting-with-oded-awaskar%2F)  
[](https://twitter.com/share?text=Exploring+the+Art+and+Science+of+Threat+Hunting+with+Oded+Awaskar&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fexploring-the-art-and-science-of-threat-hunting-with-oded-awaskar%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fexploring-the-art-and-science-of-threat-hunting-with-oded-awaskar%2F&title=Exploring+the+Art+and+Science+of+Threat+Hunting+with+Oded+Awaskar&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com/blog/security-operations/exploring-the-art-and-science-of-threat-hunting-with-oded-awaskar/&ts=markdown)  
\[\](mailto:?subject=Exploring the Art and Science of Threat Hunting with Oded Awaskar)  
Link copied  
By [Unit 42](https://www.paloaltonetworks.com/blog/author/unit-42/?ts=markdown "Posts by Unit 42")  
Jul 23, 2024  
3 minutes  
[Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown)  
[Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)  
[AI](https://www.paloaltonetworks.com/blog/tag/ai/?ts=markdown)  
[Cortex XDR](https://www.paloaltonetworks.com/blog/tag/cortex-xdr/?ts=markdown)  
[Cortex XSIAM](https://www.paloaltonetworks.com/blog/tag/cortex-xsiam/?ts=markdown)  
[Incident Response](https://www.paloaltonetworks.com/blog/tag/incident-response/?ts=markdown)  
[managed services](https://www.paloaltonetworks.com/blog/tag/managed-services/?ts=markdown)  
[Products and Services](https://www.paloaltonetworks.com/blog/tag/products-and-services/?ts=markdown)  
[Threat Hunting](https://www.paloaltonetworks.com/blog/tag/threat-hunting/?ts=markdown)  
[Unit 42 MDR](https://www.paloaltonetworks.com/blog/tag/unit-42-mdr/?ts=markdown)

Mastering the art of threat hunting allows security teams to go on the offensive --- to put themselves in the minds of bad actors and stop them in their tracks.

Oded Awaskar, senior manager for Unit 42's Managed Detection and Response (MDR) team, thinks of it as playing Sherlock Holmes.

**"It's a lot like the detective work you see in movies," he said. "We formulate hypotheses of how a threat actor would mount an attack, find ways to prove these hypotheses, then dive deep into the leads generated by these hypotheses."**

## What is Threat Hunting?

[Threat hunting](https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting?ts=markdown) is the practice of proactively examining your environment for attacker tactics and techniques. Threat hunters parse security data in search of malware, suspicious behavior patterns, and other indicators of compromise. Their findings give rise to incident triage and response processes.

Threat hunting isn't always easy, especially in light of changes brought about by cloud storage, third-party software, and limited access to essential logs. As the range of digital products and services utilized by organizations has expanded, they've given attackers more places to hide or create footholds.

"The real key is to communicate during that process about what you find and what you're doing," he said. "The client has to have an idea of how the threat is being addressed and when business operations will be restored."

*Threat Vector Podcast: Exploring the Art and Science of Threat Hunting with Oded Awaskar*

## Starting Your Own Threat-Hunting Program

For organizations considering adopting their own threat-hunting programs, Awaskar said it's important to understand that threat hunting focuses on identifying major incidents and sophisticated attackers.

As threat actors innovate new tactics and malware, indicators of compromise and anomalous behavior will become more difficult to detect. To be effective, threat-hunting teams must have access to comprehensive logs and a modern platform that unifies data from disparate sources. AI and machine learning paired with human expertise can make threat hunting faster, broader, and more effective, in ways that include automating repetitive tasks and creating and iterating on queries.

[Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) acts as a universal hub for data and applies out-of-the-box behavioral profiling driven by machine learning and AI. This allows security and threat-hunting teams to cut through the noise and spot true malicious behavior.

## Tightening Internal Processes

Awaskar advises organizations to look inward as well. Exploring anomalies in employee behavior can mitigate insider threats, while addressing gaps in broader cybersecurity hygiene can go a long way in shoring up your security posture.

Most security teams are too inundated with alerts and manual processes to conduct the proactive mission of threat hunting. As the cybersecurity labor shortage persists, partnering with an experienced MDR or managed threat hunting provider can position organizations to protect themselves against the ever-growing landscape of cyber threats.

"Threat hunting is an evolving discipline that requires constant adaptation and an innate curiosity," Awaskar said. "Using an [MDR service](https://www.paloaltonetworks.com/unit42/respond/managed-detection-response?ts=markdown) gives organizations immediate access to an extensive pool of experienced analysts and threat hunters. Our team provides real-time 24/7 coverage and proactive preventative measures, so our clients can have true peace of mind."

## Ready for Next Steps?

**Learn how [Unit 42 managed services](https://www.paloaltonetworks.com/unit42/respond/managed-detection-response?ts=markdown) can empower your team.**

**[Subscribe to the Threat Vector podcast](https://www.youtube.com/playlist?list=PLaKGTLgARHpO1zjPmTlWuYsYEKR0SKUPa) for cybersecurity and threat intelligence insights.**

*** ** * ** ***

## Related Blogs

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown), [Web Security](https://www.paloaltonetworks.com/blog/category/web-security/?ts=markdown)

[#### Unit 42 Strikes Oil in MITRE Engenuity Managed Services Evaluation](https://www.paloaltonetworks.com/blog/2022/11/unit-42-mitre-managedservices-2022/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)

[#### From ILOVEYOU to AI Defenders -- 25 Years of Email Evolution](https://www.paloaltonetworks.com/blog/security-operations/from-iloveyou-to-ai-defenders-25-years-of-email-evolution/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown)

[#### Hunt and Investigate Removable Drive Threats with Cortex XDR](https://www.paloaltonetworks.com/blog/security-operations/hunt-and-investigate-removable-drive-threats-with-cortex-xdr/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown)

[#### Intercepting the ToolShell Zero-Day Before the Headlines](https://www.paloaltonetworks.com/blog/security-operations/intercepting-the-toolshell-zero-day-before-the-headlines/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)

[#### SIEM Replacement Made Easy (Yes, Really!)](https://www.paloaltonetworks.com/blog/security-operations/siem-replacement-made-easy-yes-really/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)

[#### Breaking Down Security Silos: How XDL Powers Advanced Threat Operations](https://www.paloaltonetworks.com/blog/security-operations/breaking-down-security-silos-how-xdl-powers-advanced-threat-operations/)

### Subscribe to Security Operations Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language