SANS Lethal Threat Hunting and Incident Response Techniques

Posted on in Presentations

The chances are very high that hidden threats are already in your organization's networks. Organizations can't afford to believe that their security measures are perfect and impenetrable, no matter how thorough their security precautions might be. Prevention systems alone are insufficient to counter focused human adversaries who know how to get around most security and monitoring tools.

The key, however, is to look constantly for attacks that get past security systems and to catch intrusions in progress, rather than after attackers have completed their objectives and done worse damage to the organization. For the incident responder, this process is referred to as "threat hunting." Threat hunting uses known adversary behaviors to proactively examine the network and endpoints in order to identify new data breaches.

Threat hunting and incident response tactics and procedures have evolved rapidly over the past several years. Your team can no longer afford antiquated incident response and threat hunting techniques that fail to properly identify compromised systems, provide ineffective containment of the breach, and ultimately fail to rapidly remediate the incident. Incident response and threat hunting teams are key to identifying and observing malware indicators and patterns of activity, which help generate accurate threat intelligence that can be used to detect current and future intrusions.

Note: An additional fee of $120 for the SIFT kit for this tutorial is included in the price.

Jake Williams
Risk Management Consultant, IANS Research