{"id":3193,"date":"2025-10-11T09:52:28","date_gmt":"2025-10-11T09:52:28","guid":{"rendered":"http:\/\/ft365.org\/index.php\/2025\/10\/11\/ncsc-observability-and-threat-hunting-must-improve\/"},"modified":"2025-10-11T09:52:28","modified_gmt":"2025-10-11T09:52:28","slug":"ncsc-observability-and-threat-hunting-must-improve","status":"publish","type":"post","link":"https:\/\/ft365.org\/index.php\/2025\/10\/11\/ncsc-observability-and-threat-hunting-must-improve\/","title":{"rendered":"NCSC: Observability and Threat Hunting Must Improve"},"content":{"rendered":"<div>\n<p><img decoding=\"async\" src=\"http:\/\/ft365.org\/wp-content\/uploads\/2025\/06\/localimages\/ea721ff9-8ba4-4d88-b386-57e9e1606077.jpg?width=64&#038;height=64&#038;mode=crop&#038;scale=both&#038;format=webp\" alt=\"Photo of Phil Muncaster\" loading=\"lazy\"><\/p>\n<\/div>\n<div id=\"cphContent_pnlArticleBody\" data-layout-id=\"2\" data-edit-folder-name=\"text\" data-index=\"0\">\n<p>UK organizations must improve observability and threat hunting \u201cin the vital pursuit of raising the national ability\u201d to detect cyber threats, the National Cyber Security Centre (NCSC) has urged.<\/p>\n<p>NCSC CTO, Ollie Whitehouse, argued in a blog post yesterday that there is still \u201csignificant variation\u201d in ability in these areas.<\/p>\n<p>\u201cObservability and threat hunting are core and interdependent components of modern cyber defense,\u201d he added.<\/p>\n<p>\u201cMaturing capability across both of these components is essential to strengthening our national cyber resilience.\u201d<\/p>\n<p>Observability is the foundation for effective threat hunting, because \u201cyou can\u2019t hunt what you can\u2019t see,\u201d he argued. Yet many organizations may not have a comprehensive view into account activity, devices, networks, applications and cloud services. 
Shadow IT may also complicate these efforts, Whitehouse said.<\/p>\n<p>Even when organizations do collect data across all of their assets, they often can\u2019t apply advanced analytics to it in order to perform effective threat hunting, he added.<\/p>\n<p>To address these shortcomings, the NCSC urged security teams to:<\/p>\n<ul>\n<li>Maximize visibility of systems and the ability to query across combined data sets, spanning networks, hosts, devices and on-premises and cloud services<\/li>\n<li>Encourage tech vendors to follow NCSC guidance on building systems that support improved monitoring and investigation<\/li>\n<\/ul>\n<h2>Time to Mature Threat Hunting<\/h2>\n<p>The NCSC also shared some tips on how to improve threat hunting. It advised organizations to:<\/p>\n<ul>\n<li>Move beyond indicators of compromise (IOCs) such as IP addresses, domain names\u00a0and file hashes, because threat actors are getting better at quickly changing or hiding these signals, for example using living-off-the-land techniques<\/li>\n<li>Develop their use of tactics, techniques and procedures (TTPs) \u201cwhich reveal\u00a0how\u00a0attackers operate, not just\u00a0what\u00a0they use.\u201d To do so, organizations need comprehensive visibility across systems, infrastructure that allows for searching and correlation, and network defenders who can \u201cbuild and test hypotheses\u201d based on attackers\u2019 behavior and objectives<\/li>\n<\/ul>\n<p>\u201cOrganizations \u2013 or those who provide services to them \u2013 should not only ingest and detect IOCs but also be capable of consuming, creating, sharing, and detecting TTPs in their threat hunting,\u201d said Whitehouse.<\/p>\n<p>\u201cThis dual approach enhances both reactive and proactive security capabilities, improving overall resilience against sophisticated adversaries.\u201d<\/p>\n<p>The security agency also 
recommended\u00a0its NCSC Assured list of incident response providers to help organizations struggling with threat hunting, and its Cyber Adversary Simulation (CyAS) scheme to validate approaches for those who are further along in the process.<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>UK organizations must improve observability and threat hunting \u201cin the vital pursuit of raising the national ability\u201d to detect cyber threats, the National Cyber Security Centre (NCSC) has urged. NCSC CTO, Ollie Whitehouse, argued in a blog post yesterday that there is still \u201csignificant variation\u201d in ability in these areas. \u201cObservability and threat hunting are<\/p>\n","protected":false},"author":2,"featured_media":3194,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3193","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"featured_image_urls":{"full":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3193-f8ba152f-39c4-48c7-89fa-4ee02ec87dec.jpg",300,300,false],"thumbnail":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3193-f8ba152f-39c4-48c7-89fa-4ee02ec87dec-150x150.jpg",150,150,true],"medium":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3193-f8ba152f-39c4-48c7-89fa-4ee02ec87dec.jpg",300,300,false],"medium_large":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3193-f8ba152f-39c4-48c7-89fa-4ee02ec87dec.jpg",300,300,false],"large":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3193-f8ba152f-39c4-48c7-89fa-4ee02ec87dec.jpg",300,300,false],"1536x1536":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3193-f8ba152f-39c4-48c7-89fa-4ee02ec87dec.jpg",300,300,false],"2048x2048":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3193-f8ba152f-39c4-48c7-89fa-4ee02ec87dec.jpg",300,300,false],"morenews-featured":["https:\/\/ft365.org
\/wp-content\/uploads\/2025\/10\/3193-f8ba152f-39c4-48c7-89fa-4ee02ec87dec.jpg",300,300,false],"morenews-large":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3193-f8ba152f-39c4-48c7-89fa-4ee02ec87dec.jpg",300,300,false],"morenews-medium":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3193-f8ba152f-39c4-48c7-89fa-4ee02ec87dec.jpg",300,300,false],"crawlomatic_preview_image":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3193-f8ba152f-39c4-48c7-89fa-4ee02ec87dec-146x146.jpg",146,146,true]},"author_info":{"display_name":"henry","author_link":"https:\/\/ft365.org\/index.php\/author\/henry\/"},"category_info":"<a href=\"https:\/\/ft365.org\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","_links":{"self":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/3193","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/comments?post=3193"}],"version-history":[{"count":0,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/3193\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media\/3194"}],"wp:attachment":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media?parent=3193"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/categories?post=3193"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/tags?post=3193"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}