Threat Hunting for the Masses

  • Thursday, 18 May 2017 11:00AM EDT (18 May 2017 15:00 UTC)
  • Speaker: Frank McClain

Threat Hunting is widely known as the art of applying new information to existing data in order to find previously unknown threats. If you work in or around Security Operations, Incident Response, or Forensics, chances are good that you have heard about threat hunting--perhaps from a vendor, coworker, blog post, webinar, or presentation like this one. Threat hunting, like "Threat Intelligence," is a popular catch-phrase with many different ideas on the "who, what, when, where, why, and how" of properly accomplishing it. Some vendors even offer a form of "threat hunting" as part of their services, which certainly makes it sound expensive and complicated--something beyond "mere mortals" (like you!) who work for a living.

The fact is that although activities related to threat hunting can be expensive and complicated, they don't have to be. This talk will outline the fundamental concepts of threat hunting, and present actionable ideas about how you can begin to hunt for threats in your own organization. Contrary to what you may have heard, an effective threat hunting program doesn't need to involve buying new and expensive platforms, hiring more personnel, or paying for comprehensive services. At its core, implementing these programs just takes some dedicated effort; a little "elbow grease" as the saying goes.

Although this is a broad topic, you'll get solid answers to core questions about threat hunting. More than that, you should have some actionable information to take with you and help you start taking ground against the bad guys--wherever your hunting grounds may be.

To learn more on this topic, attend the 10th annual SANS Digital Forensics & Incident Response (DFIR) Summit & Training. This training event brings together the most influential group of experts, the highest quality training, and the greatest industry networking opportunities in one place. Over the course of this eight-day training event, you'll enjoy:

  • Highly technical digital forensics and incident response presentations from the industry's top practitioners during the two-day Summit
  • Nine SANS DFIR courses to choose from to advance your training, build your arsenal of defenses, and learn how to better protect your organization
  • The opportunity to network with fellow attendees at receptions and community-building events
  • A DFIR NetWars tournament to sharpen your skills and solve incident-related challenges