Threat Hunting
E1. Maritime security, geopolitics and risk
Definition
Proactive cyber-defense practice in OT/IT networks.
Threat hunting is the proactive search for adversaries already inside a network that automated alerts have missed, using hypotheses about attacker behavior, log analysis, and indicators of compromise. It assumes a breach rather than waiting for an alarm, which aligns it with zero-trust thinking. In maritime environments hunters work mostly across shore IT and the IT/OT boundary, since shipboard OT rarely supports intrusive agents and satellite bandwidth limits telemetry. Findings feed incident response and tuning of detection rules, and the practice supports the detect-and-respond outcomes of the NIST Cybersecurity Framework adopted in many fleet cyber baselines.
Source: NIST Cybersecurity Framework 2.0 (Detect, Respond functions), February 2024; NIST SP 800-61 incident handling