Threat Hunting with Consistency - A SANS Whitepaper

  • Monday, 09 Dec 2019 10:30AM EST (09 Dec 2019 15:30 UTC)
  • Speakers: Matt Bromiley, Chris Morales

SANS instructor Matt Bromiley presents a new way of thinking about threat hunting. The common practice today is that most analysts search for threats based on hunches and previous knowledge, which leaves an open opportunity for attackers. Bromiley proposes an alternative approach where we utilize a common language. This approach creates a stronger internal process and builds a security team that begins to see things holistically instead of piece by piece. This also breaks from the usual threat hunting techniques centered around an analyst's knowledge, hunches, and predictions and relies on evidence-based security research to provide vision and efficiency instead.

Using the beautiful vocabulary in MITRE's ATT&CK Matrix, Bromiley proposes that we change our language and start to speak ATT&CK. Rather than continue with things as they have been, using varying and sparse definitions, let's apply a uniform vocabulary that focuses on our environment and threat hunting, where groupings and indications of malicious activity can give us insight into what we don't already know. Utilizing one common language rather than an operating-system-specific perspective will bring great efficiencies and develop stronger borders against malicious activity. Together with Chris Morales from Vectra, Bromiley will guide participants through this new thinking and provide takeaways they can apply to their own situations.

Register today to be among the first to receive the associated whitepaper written by security expert Matt Bromiley.