BSides Philly 2017 - Threat Hunting: Defining the Process While Circumventing Corporate Obstacles
December 26, 2017 | Posted in Blue Teams by Kevin Foster, Matt Schneck, Ryan Andress
Security Risk Advisors is proud to have been a Platinum Sponsor at BSides Philly on Friday, December 8th. In addition to continued involvement in and support for the BSides organization, Security Risk Advisors' Kevin Foster, Matt Schneck and Ryan Andress also presented valuable Threat Hunting techniques that can be implemented within your cyber program while avoiding common "red-tape" barriers. The presentation is available to watch on YouTube, and slides are available on Slideshare, below:
Presented at BSides Philadelphia, December 8, 2017
Threat hunting is a hot topic spurred on by the thought that it’s not a matter of if, but when, your organization will be breached. Mature security organizations are shifting their approach from relying solely on reactive response and black-box security tools to proactive hunting. This shift requires large amounts of network and endpoint data to tie together attacker tools, tactics, and procedures. Security teams often have their hands tied by limited budgets, politics, and a limited ability to effect change in what information gets logged (just try getting a DNS admin to check a box that says “Debug” in prod). Hypothesis-driven data acquisition can be used to overcome environmental challenges, provide a specific goal, and reduce analysis paralysis. This presentation will discuss hypothesis-driven threat hunting using free and commercial tools for organizations that face common corporate roadblocks.