Prevention systems alone are insufficient to counter focused human adversaries who know how to get around most security and monitoring tools. The key is to look constantly for attacks that get past security systems and to catch intrusions in progress rather than after attackers have completed their objectives and done worse damage to the organization. For the incident responder, this process is referred to as "threat hunting." Threat Hunting is using known adversary behaviors to examine proactively the network and endpoints identifying new data breaches. Incident response and threat hunting teams are the keys to identifying and observing malware indicators, patterns of activity, to help generate accurate threat intelligence that can be used to help detect current and future intrusions.
You must be registered for RSA Conference 2019 to purchase and enroll in this tutorial.