Threat Hunting Is a Process, Not a Thing: SANS 2018 Survey Results, Part I

  • Webcast Aired Wednesday, 19 Sep 2018 1:00PM EDT (19 Sep 2018 17:00 UTC)
  • Speakers: Rob Lee, Robert M. Lee, Chris Carlson, Dana Torgersen, Helen Johnson

How are organizations preparing their environments for hunting? How are they accessing their critical data needed in a hunt? And how are they using the threat and operational data uncovered during the hunt? This, our third survey on threat hunting, looks at maturity of hunting programs and where they are going, along with best practices being used in organizations to detect and remediate threats that would otherwise remain hidden.

In this webcast, SANS Threat Hunting and Incident Response Curriculum Chair Rob Lee will reveal how survey respondents answered questions that are immediately important to organizations conducting threat hunting. In this webcast, Rob will discuss:

  • Whether or not organizations are preparing their organizations for threat hunting with advanced planning, assessments, procedures and technical integrations
  • What prerequisites organizations should consider in preparing for a hunt
  • What data hunters need to access, how they are accessing it and usefulness of that data
  • Who does the hunting, who should do the hunting and whether or not hunting activities are coordinated across detection and response
  • Whether or not organizations are deploying continuous hunting to proactively look for threats, or simply following up on indicators

Register for Part II of this webcast, \Threat Hunting in Action," here.

Results will initially be discussed at the SANS Threat Hunting and Incident Response Summit on September 6-7. Full whitepaper developed by Rob Lee will be available on the day of the live webcast.