Threat Hunting in Action: SANS 2018 Survey Results, Part II

  • Thursday, 20 Sep 2018 1:00PM EDT (20 Sep 2018 17:00 UTC)
  • Speakers: Rob Lee, Robert M. Lee, Benjamin Powell, Sid Pearl, Justin Swisher

Cyber threat hunting, once the job of only highly trained specialists, is maturing and growing more operationalized. While cyber threat hunting will always require the knowledge, critical thinking and skills of seasoned professionals, hunting capabilities are becoming more automated and integrated into overall SOC functions.

In this webcast, SANS Threat Hunting and Incident Response Curriculum Chair Rob Lee will discuss how threat hunting has matured during the past three years, including:

  • Whether or not organizations are integrating their threat hunting activities with cyber threat intelligence (CTI)
  • Benefits and drawbacks of integrating with CTI
  • Improvements made in endpoint threat intelligence collection (which was a weak point among respondents to our 2017 survey)
  • Best and worst technologies, standards and processes for hunting
  • Specific examples of hunts filled in by respondents

Register for Part I of this webcast, "Threat Hunting Is a Process, Not a Thing," here.

Results will initially be discussed at the SANS Threat Hunting and Incident Response Summit on September 6-7. The full whitepaper, developed by Rob Lee, will be available on the day of the live webcast.