Threat hunting means proactively and systematically searching the data collected from SIEM, EDR or other security systems, rather than waiting for an alert and then investigating. Endpoints can also be searched for known traces of attacks (Indicators of Compromise, IOCs).
The starting point of hunting is Locard's rule that a perpetrator always leaves traces at the scene; you "just" have to find them. Based on threat intelligence, we collect information on how attackers specifically proceed, perform these techniques in our lab, and observe what traces are left behind. On this basis, we formulate hypotheses, which we then verify in your environment.
This innovative approach complements the usual reactive security methods to form a truly holistic security concept!