Threat Hunting - Part of the DFIR Summit - Solutions Track

  • Tuesday, 16 Aug 2022 9:45AM EDT (16 Aug 2022 13:45 UTC)
  • Speaker: Lodrina Cherne

In a field that is advancing every day due to attackers and coordinated threats, forensic, incident response, and threat hunting professionals need to be constantly learning and challenging assumptions. A single examiner may be hunting APT activity and data destruction one day and missing persons the next. Whether to support business continuity or ensure personal safety, analysts need exposure to new and novel techniques for investigating a wide variety of data sources and require vetted solutions that help find answers fast.

Responding to ransomware and state-sponsored actors requires the ability to threat hunt, assess activities, and dive in deeper when needed. Examiners today are aware that no single tool will fulfill all of their digital forensic, incident response, and threat hunting needs, while program owners are looking for the biggest return on time and investment. Industry analysts recommend studying real-world examples of incidents to learn lessons from our peers in the trenches. The SANS Solutions Track at the DFIR/Threat Hunting Summit helps analysts and managers evaluate the latest tools and methods.

Relevant Digital Forensics, Incident Response, and Threat Hunting topics:

  • New analysis techniques
  • Collection and storage challenges
  • Coordinating caseloads and reporting
  • Big data and distributed analysts
  • Cloud and remote system investigations
  • Intel sharing and attacker behavior