Threat Hunting with Endpoints: A Methodology for Effective Detection and Agile Response

  • Thursday, 31 Aug 2017 1:00PM EDT (31 Aug 2017 17:00 UTC)
  • Speakers: John Pescatore, Jack "Wes" Riley

In today's environment, the most powerful tool available to security and incident response professionals is visibility. The better an analyst's visibility, the more effectively they can bring their own knowledge, experience, and methodologies to bear during an incident, hunting investigation, or evaluation of current legitimate security and operational IT mechanisms. In this talk, Wes Riley with RSA's Incident Response Practice will discuss a simple, adaptable, and extremely effective threat hunting methodology that allows security practitioners to accomplish two goals: 1) proactively detect both known and unknown threats, and 2) utilize non-standard IOCs on-the-fly to effectively scope newly discovered threats at scale. Mr. Riley will present a case study involving advanced actors to demonstrate the effectiveness of this methodology.