The correct answer is Transitioning from reactive to proactive threat hunting to identify unknown threats and vulnerabilities. This directly aligns with both the Threat Hunting Maturity Model and the strategic goals of the Pyramid of Pain, which emphasizes increasing the adversary’s cost by detecting behaviors and tactics rather than easily changeable indicators.
Reactive security operations focus on alerts, signatures, and known indicators such as hashes, IP addresses, and domains—the lowest and least painful levels of the Pyramid of Pain. While necessary, these controls are easily bypassed by sophisticated adversaries. Proactive threat hunting represents a higher maturity level, where analysts actively search for unknown, stealthy, or novel attacker behaviors that have not yet triggered alerts.
Option D (automating detection of known threats) improves efficiency but does not meaningfully increase adversary pain, as attackers can rapidly change known indicators. Option B provides preparedness benefits but does not directly shift detection capabilities. Option A focuses on compliance, which is necessary for governance but largely irrelevant to adversary behavior.
By transitioning to proactive hunting, organizations focus on TTP-based detection, such as credential misuse patterns, abnormal lateral movement, persistence mechanisms, and command-and-control behaviors. These detections operate higher in the Pyramid of Pain—tactics, techniques, and procedures—forcing attackers to significantly retool and increasing the likelihood of early detection.
From a CISO-level perspective, this shift reflects mature security leadership: compliance keeps you legal, automation keeps you efficient, but proactive threat hunting keeps you resilient against advanced threats.