The key, however, is to look constantly for attacks that get past security systems and to catch intrusions in progress rather than after attackers have completed their objectives and done worse damage to the organization. For the incident responder, this process is referred to as "threat hunting." Threat hunting is using known adversary behaviors to proactively examine the network and endpoints in order to identify new data breaches.
Threat hunting and incident response tactics and procedures have evolved rapidly over the past several years. Your team can no longer afford antiquated incident response and threat hunting techniques that fail to properly identify compromised systems, provide ineffective containment of the breach, and ultimately fail to rapidly remediate the incident. Incident response and threat hunting teams are the keys to identifying and observing malware indicators and patterns of activity in order to generate accurate threat intelligence that can be used to detect current and future intrusions.
Note: Additional fee of $120 for the SIFT kit for this tutorial is included in the price.