The threats facing organizations today mean that the analysts in security operations centers can no longer sit passively waiting for alerts to come through. Sophisticated attacks require a more active role in detecting and isolating them. That's where threat hunting comes in.
Firewalls, intrusion detection systems and SIEMs all depend on alerts to spur action. But alerts can be difficult to prioritize, largely because they are limited in what they can tell the SOC about what is going on. They are like pieces of a puzzle that leave analysts reactively digging through log files and jumping from repository to repository as they try to get a clear picture of the event that precipitated the alert.
In contrast, threat hunting is a proactive approach designed to uncover threats that lie hidden in a network or system, evading more traditional security tools.
In this webcast, you will learn how threat hunts are initiated, the skills that threat hunters must have, and the differences between structured and unstructured hunts. In addition, you will hear the latest developments in threat hunting from Sqrrl including a live demo of use-cases with their Sqrrl Threat Hunting Platform.
Be among the first to receive the associated whitepaper written by Robert M. Lee and Rob Lee.
View the associated whitepaper here.
Threat Hunting & Incident Response Summit | New Orleans, LA
Summit Dates: April 12-13
Training Course Dates: April 14-19
For more information or to register visit: sans.org/ThreatHuntingSummit
The Threat Hunting & Incident Response Summit was created to provide you with the methodic preparation needed to cull your adversaries from your network before you become their prey. In just two days of talks & five days of courses, you will learn from incident response and detection experts who are actively hunting for threats and stopping the most recent, sophisticated, and dangerous attacks against organizations.