SlideShare a Scribd company logo

Building a Successful Threat Hunting Program

Download as PPTX, PDF
Carl C. Manion, profile picture
Carl C. Manion

The document discusses the fundamentals of proactive threat hunting, emphasizing the need for visibility, skilled personnel, and effective tools for detecting advanced threats. It outlines key components such as training, metrics, and intelligence that are critical for a successful threat hunting program. Additionally, it highlights the importance of reducing attack dwell time and maintaining a comprehensive approach to continually adapt and improve threat detection capabilities.

Technology
Related topics:
Cyber-Security
1 of 12
Downloaded 102 times
1
2
3
4
5
6
7
8
9
10
11
12
E16-SPGC. This document does not contain technology or Technical Data controlled under either the U.S. International Traffic in Arms Regulations or the U.S. Export Administration Regulations. Copyright. Unpublished Work. Raytheon Company. Customer Success Is Our Mission is a registered trademark of Raytheon Company [Proactive Security] Building a Threat Hunting Program Presented by: Carl Manion Managing Principal
Proactive Threat Hunting • Proactive Threat Hunting refers to proactively and iteratively searching through networks or datasets to detect and respond to advanced threats that evade traditional rule- or signature-based security solutions. • Threat hunting combines the use of threat intelligence, analytics, and automated security tools with human smarts. • Rather than waiting for the inevitable data breach to happen, proactively scout around for and hunt down bad actors and malicious activity on your networks. 2
THREAT HUNTING PROGRAM | Key Components 3 1) Starts with Visibility. 2) Tools and Automation are important. 3) Training is critically important. 4) Requires skilled, experienced analysts, engineers, and incident responders. 5) Metrics are important. 6) Intelligence is more than a buzzword. VISIBILITY TOOLSMETRICS TALENT TRAINING INTELLIGENCE 1 2 34 5 6
THREAT HUNTING PROGRAM | Visibility • Network traffic, hosts, end-points, logs, threats • Must be able to easily pivot and build timelines • Hunting can be time consuming, so access and performance must be part of your key considerations • Investigation directly supports detection and response 4 1
THREAT HUNTING PROGRAM | Tools & Automation • SIEM • NMS / IDS / IPS • EDR • Threat “Intelligence” Feeds/Platform/Services • SOC Orchestration / Workflow Automation • Overall, requires platforms more than tools; let the smart humans define what they need to see 5 2
THREAT HUNTING PROGRAM | Training • Define the results for the skills or capabilities you hope to attain • Outline training plans / topics / objectives; align with threat hunting strategy and plans • Mentoring / Teaming / On-the-job training (OJT) • Informal training counts too! • List job/role related training expectations of staff • Remember to account for training costs; timeframes; schedules 6 3
• Well rounded individuals • Driven / Motivated to learn • Analytical mind, able to apply concepts and approaches to variety of different toolsets • Able to think like adversary; can transition between defensive/offensive mindset • Train, train, train! 7 THREAT HUNTING PROGRAM | Skills (Talent) Responds to Alarms. Searches for Clues. 4
THREAT HUNTING PROGRAM | Metrics • Attack “Dwell Time” – What is it? Lifespan of an Attack; How long the attacker was in your environment. – Why it matters: The longer the attacker has to operate in your environment, the more damage they can do. – The goal is to reduce dwell time as much as possible, so attackers do not have time to achieve lateral movement and remove critical data. • Mean Time to Detection – What is it? The mean (average) time it takes to detect malicious or anomalous activity within an environment. – Why it matters: Identifying and containing an attacker, as quickly as possible, is of paramount importance to minimize damage. 8 Focus Areas To Reduce Dwell Time: 1. Fundamental security controls 2. Granular visibility and correlated intelligence 3. Continuous endpoint monitoring 4. Actionable prediction of human behavior 5. User awareness (user behavior analysis) 5 Examples:
9 THREAT HUNTING PROGRAM | Intelligence 6 • Buzzword within the industry; includes wide range (from malware analysis to traffic monitoring, to open source, or specific info from solution vendors, etc.) • The more granular, the better (need IPs, protocols, port numbers, domain names URLs, etc.) • Must be updated regularly (must be valid, relevant and timely) • Must have context to be actionable and to provide value to your threat hunting • Helps maximize the effectiveness of your security resources by allowing them to focus their time on the highest risk areas and high priority events • Focus more on TTPs and trends, rather than specific IoCs; think about how it may relate to known/on-going attack campaigns The use of information collection and analysis to provide guidance and direction to threat hunters in support of their theories and decisions.
1) Too much reliance on “hunting tools” or any singular data type: Logs lie Endpoint security tools miss things Vendors can’t fully automate hunting 2) Alert-centric workflows 3) Open loop processes 4) Bias and fatigue (mix it up to keep the work interesting) 5) Failure to keep up with latest news / intelligence 10 THREAT HUNTING PROGRAM | Risks
COMPREHENSIVE APPROACH:  Network, host, and log data  Cyclical / Closed Loop Approach  Begin with a question, theory, or metric and work toward answering that question through research and proactive hunting.  Build repeatable process workflows and queries back into your tools, through custom content, as you learn.  Seek to reduce mean-time-to-detection and response; find intrusions and compromises more quickly, and earlier in the cyber attack chain  Train. Change it up. Train some more. Repeat.  Continuous learning; Revisit investigations and hunting techniques! 11 THREAT HUNTING PROGRAM | Summary
2/10/2017 12

More Related Content

PPTX
Cyber Threat Hunting with Phirelight
Hostway|HOSTING
 
PPTX
What is Threat Hunting? - Panda Security
Panda Security
 
PPTX
Threat hunting and achieving security maturity
DNIF
 
PPTX
Bsides 2019 - Intelligent Threat Hunting
Dhruv Majumdar
 
PPTX
Threat hunting - Every day is hunting season
Ben Boyd
 
PDF
Threat hunting 101 by Sandeep Singh
OWASP Delhi
 
PDF
Telesoft Cyber Threat Hunting Infographic
Sarah Chandley
 
PPTX
Threat Hunting 101: Intro to Threat Detection and Incident Response
Infocyte
 
Cyber Threat Hunting with Phirelight
Hostway|HOSTING
 
What is Threat Hunting? - Panda Security
Panda Security
 
Threat hunting and achieving security maturity
DNIF
 
Bsides 2019 - Intelligent Threat Hunting
Dhruv Majumdar
 
Threat hunting - Every day is hunting season
Ben Boyd
 
Threat hunting 101 by Sandeep Singh
OWASP Delhi
 
Telesoft Cyber Threat Hunting Infographic
Sarah Chandley
 
Threat Hunting 101: Intro to Threat Detection and Incident Response
Infocyte
 

What's hot (20)

PPTX
Abstract Tools for Effective Threat Hunting
chrissanders88
 
PPTX
Cyber Threat Hunting: Identify and Hunt Down Intruders
Infosec
 
PPTX
Effective Threat Hunting with Tactical Threat Intelligence
Dhruv Majumdar
 
PDF
Threat Hunting Procedures and Measurement Matrice
Vishal Kumar
 
PDF
Luncheon 2016-07-16 - Topic 2 - Advanced Threat Hunting by Justin Falck
North Texas Chapter of the ISSA
 
PPTX
Threat Hunting - Moving from the ad hoc to the formal
Priyanka Aash
 
PDF
Threat Hunting
Splunk
 
PDF
Threat Hunting Report
Morane Decriem
 
PDF
Building a Threat Hunting Practice in the Cloud
ProtectWise
 
PDF
TTPs for Threat hunting In Oil Refineries
Dragos, Inc.
 
PDF
SIEM and Threat Hunting
n|u - The Open Security Community
 
PPTX
SOC2016 - The Investigation Labyrinth
chrissanders88
 
PPTX
Cybersecurity Incident Response Readiness: How to Find and Respond to Attacke...
Infocyte
 
PDF
Threat Hunting 102: Beyond the Basics
Cybereason
 
PPTX
Cyber Threat Hunting Training (CCTHP)
ENOInstitute
 
PDF
MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...
MITRE - ATT&CKcon
 
PDF
PHDays 2018 Threat Hunting Hands-On Lab
Teymur Kheirkhabarov
 
PPTX
Threat hunting on the wire
InfoSec Addicts
 
PPTX
Cyber Threat Intelligence: Building and maturing an intelligence program that...
Mark Arena
 
PPTX
Cyber Incident Response Triage - CPX 360 Presentation
Infocyte
 
Abstract Tools for Effective Threat Hunting
chrissanders88
 
Cyber Threat Hunting: Identify and Hunt Down Intruders
Infosec
 
Effective Threat Hunting with Tactical Threat Intelligence
Dhruv Majumdar
 
Threat Hunting Procedures and Measurement Matrice
Vishal Kumar
 
Luncheon 2016-07-16 - Topic 2 - Advanced Threat Hunting by Justin Falck
North Texas Chapter of the ISSA
 
Threat Hunting - Moving from the ad hoc to the formal
Priyanka Aash
 
Threat Hunting
Splunk
 
Threat Hunting Report
Morane Decriem
 
Building a Threat Hunting Practice in the Cloud
ProtectWise
 
TTPs for Threat hunting In Oil Refineries
Dragos, Inc.
 
SIEM and Threat Hunting
n|u - The Open Security Community
 
SOC2016 - The Investigation Labyrinth
chrissanders88
 
Cybersecurity Incident Response Readiness: How to Find and Respond to Attacke...
Infocyte
 
Threat Hunting 102: Beyond the Basics
Cybereason
 
Cyber Threat Hunting Training (CCTHP)
ENOInstitute
 
MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...
MITRE - ATT&CKcon
 
PHDays 2018 Threat Hunting Hands-On Lab
Teymur Kheirkhabarov
 
Threat hunting on the wire
InfoSec Addicts
 
Cyber Threat Intelligence: Building and maturing an intelligence program that...
Mark Arena
 
Cyber Incident Response Triage - CPX 360 Presentation
Infocyte
 
Ad

Viewers also liked (20)

PDF
Workshop threat-hunting
Tripwire
 
PDF
Threat Hunting Workshop
Splunk
 
PPTX
Threat Hunting with Splunk
Splunk
 
PDF
Threat Hunting with Splunk
Splunk
 
PPTX
BSidesLV 2016 - Powershell - Hunting on the Endpoint - Gerritz
Christopher Gerritz
 
PPTX
Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016
Danny Akacki
 
PPTX
Hunting on the cheap
Anjum Ahuja
 
PDF
Building an Analytics Enables SOC
Splunk
 
PPTX
Threat Hunting with Splunk
Splunk
 
PPTX
Splunk for Developers Breakout Session
Splunk
 
PDF
Windows Threat Hunting
GIBIN JOHN
 
PPTX
Splunk for Security - Hands-On
Splunk
 
PDF
Practical Cyber Defense
Paul Dutot IEng MIET MBCS CITP OSCP CSTM
 
PDF
A Threat Hunter Himself
Teymur Kheirkhabarov
 
PPTX
The Diamond Model for Intrusion Analysis - Threat Intelligence
ThreatConnect
 
PDF
NTXISSACSC4 - Identity as a Threat Plane Leveraging UEBA and IdA
North Texas Chapter of the ISSA
 
PPTX
44CON London 2015: NTFS Analysis with PowerForensics
Jared Atkinson
 
PDF
NTXISSACSC4 - Detecting and Catching the Bad Guys Using Deception
North Texas Chapter of the ISSA
 
PDF
Full_Article_GadgetTrak_Forbes_Reduced
Tripwire
 
PDF
How to prevent cyber attack with big data & intelligence(sfis170222)
Yong Suk Kang 姜龙锡
 
Workshop threat-hunting
Tripwire
 
Threat Hunting Workshop
Splunk
 
Threat Hunting with Splunk
Splunk
 
Threat Hunting with Splunk
Splunk
 
BSidesLV 2016 - Powershell - Hunting on the Endpoint - Gerritz
Christopher Gerritz
 
Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016
Danny Akacki
 
Hunting on the cheap
Anjum Ahuja
 
Building an Analytics Enables SOC
Splunk
 
Threat Hunting with Splunk
Splunk
 
Splunk for Developers Breakout Session
Splunk
 
Windows Threat Hunting
GIBIN JOHN
 
Splunk for Security - Hands-On
Splunk
 
Practical Cyber Defense
Paul Dutot IEng MIET MBCS CITP OSCP CSTM
 
A Threat Hunter Himself
Teymur Kheirkhabarov
 
The Diamond Model for Intrusion Analysis - Threat Intelligence
ThreatConnect
 
NTXISSACSC4 - Identity as a Threat Plane Leveraging UEBA and IdA
North Texas Chapter of the ISSA
 
44CON London 2015: NTFS Analysis with PowerForensics
Jared Atkinson
 
NTXISSACSC4 - Detecting and Catching the Bad Guys Using Deception
North Texas Chapter of the ISSA
 
Full_Article_GadgetTrak_Forbes_Reduced
Tripwire
 
How to prevent cyber attack with big data & intelligence(sfis170222)
Yong Suk Kang 姜龙锡
 
Ad

Similar to Building a Successful Threat Hunting Program (20)

PPTX
Threat intelligence life cycle steps by steps
JayeshGadhave1
 
PDF
7 Habits of Smart Threat Intelligence Analysts
Recorded Future
 
PPTX
Ethical Hacking Definitions Matter - Covering Vulnerability Scanning, Vulnera...
Jorge Orchilles
 
PDF
Cyber Threat Hunting Workshop.pdf
ssuser4237d4
 
PDF
Cyber Threat Hunting Workshop.pdf
ssuser4237d4
 
PDF
2020 11-15 marcin ludwiszewski - purple, red, blue and others - rainbow team...
Marcin Ludwiszewski
 
PPTX
Chapter I Introduction To Cyber Intelligence.pptx
Rahul Borate
 
PPTX
Cyber Threat Hunting Workshop
Digit Oktavianto
 
PPTX
NTXISSACSC2 - Top Ten Trends in TRM by Jon Murphy
North Texas Chapter of the ISSA
 
PPTX
Security Operations Center Analyst Presentation
kundansaraf1
 
PPTX
My Keynote from BSidesTampa 2015 (video in description)
Andrew Case
 
PDF
Enhancing Cyber threat hunting for your team | 2021
KharimMchatta
 
PPTX
Ethical hacking
Saqib Raza
 
PPTX
Your cyber security webinar
Intergen
 
PPTX
Introduction to Ethical Hacking
UK Defence Cyber School
 
PPTX
Data Connectors San Antonio Cybersecurity Conference 2018
Interset
 
PPTX
How To Build An Incident Response Function
Resilient Systems
 
PPTX
Introduction to Threat Hunting in an SOC
wininlifeacademy5
 
PPTX
Cybersecurity-Real World Approach FINAL 2-24-16
James Rutt
 
PPTX
Unit-1&2,mdngmnd,mngmdnmgnmdnfmngdf.pptx
jayarao21
 
Threat intelligence life cycle steps by steps
JayeshGadhave1
 
7 Habits of Smart Threat Intelligence Analysts
Recorded Future
 
Ethical Hacking Definitions Matter - Covering Vulnerability Scanning, Vulnera...
Jorge Orchilles
 
Cyber Threat Hunting Workshop.pdf
ssuser4237d4
 
Cyber Threat Hunting Workshop.pdf
ssuser4237d4
 
2020 11-15 marcin ludwiszewski - purple, red, blue and others - rainbow team...
Marcin Ludwiszewski
 
Chapter I Introduction To Cyber Intelligence.pptx
Rahul Borate
 
Cyber Threat Hunting Workshop
Digit Oktavianto
 
NTXISSACSC2 - Top Ten Trends in TRM by Jon Murphy
North Texas Chapter of the ISSA
 
Security Operations Center Analyst Presentation
kundansaraf1
 
My Keynote from BSidesTampa 2015 (video in description)
Andrew Case
 
Enhancing Cyber threat hunting for your team | 2021
KharimMchatta
 
Ethical hacking
Saqib Raza
 
Your cyber security webinar
Intergen
 
Introduction to Ethical Hacking
UK Defence Cyber School
 
Data Connectors San Antonio Cybersecurity Conference 2018
Interset
 
How To Build An Incident Response Function
Resilient Systems
 
Introduction to Threat Hunting in an SOC
wininlifeacademy5
 
Cybersecurity-Real World Approach FINAL 2-24-16
James Rutt
 
Unit-1&2,mdngmnd,mngmdnmgnmdnfmngdf.pptx
jayarao21
 

Recently uploaded (20)

PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Cloud computing and distributed systems.
kkkkkhan
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Teaching material agriculture food technology
LiaRayya
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 

Building a Successful Threat Hunting Program

  • 1. E16-SPGC. This document does not contain technology or Technical Data controlled under either the U.S. International Traffic in Arms Regulations or the U.S. Export Administration Regulations. Copyright. Unpublished Work. Raytheon Company. Customer Success Is Our Mission is a registered trademark of Raytheon Company [Proactive Security] Building a Threat Hunting Program Presented by: Carl Manion Managing Principal
  • 2. Proactive Threat Hunting • Proactive Threat Hunting refers to proactively and iteratively searching through networks or datasets to detect and respond to advanced threats that evade traditional rule- or signature-based security solutions. • Threat hunting combines the use of threat intelligence, analytics, and automated security tools with human smarts. • Rather than waiting for the inevitable data breach to happen, proactively scout around for and hunt down bad actors and malicious activity on your networks. 2
  • 3. THREAT HUNTING PROGRAM | Key Components 3 1) Starts with Visibility. 2) Tools and Automation are important. 3) Training is critically important. 4) Requires skilled, experienced analysts, engineers, and incident responders. 5) Metrics are important. 6) Intelligence is more than a buzzword. VISIBILITY TOOLSMETRICS TALENT TRAINING INTELLIGENCE 1 2 34 5 6
  • 4. THREAT HUNTING PROGRAM | Visibility • Network traffic, hosts, end-points, logs, threats • Must be able to easily pivot and build timelines • Hunting can be time consuming, so access and performance must be part of your key considerations • Investigation directly supports detection and response 4 1
  • 5. THREAT HUNTING PROGRAM | Tools & Automation • SIEM • NMS / IDS / IPS • EDR • Threat “Intelligence” Feeds/Platform/Services • SOC Orchestration / Workflow Automation • Overall, requires platforms more than tools; let the smart humans define what they need to see 5 2
  • 6. THREAT HUNTING PROGRAM | Training • Define the results for the skills or capabilities you hope to attain • Outline training plans / topics / objectives; align with threat hunting strategy and plans • Mentoring / Teaming / On-the-job training (OJT) • Informal training counts too! • List job/role related training expectations of staff • Remember to account for training costs; timeframes; schedules 6 3
  • 7. • Well rounded individuals • Driven / Motivated to learn • Analytical mind, able to apply concepts and approaches to variety of different toolsets • Able to think like adversary; can transition between defensive/offensive mindset • Train, train, train! 7 THREAT HUNTING PROGRAM | Skills (Talent) Responds to Alarms. Searches for Clues. 4
  • 8. THREAT HUNTING PROGRAM | Metrics • Attack “Dwell Time” – What is it? Lifespan of an Attack; How long the attacker was in your environment. – Why it matters: The longer the attacker has to operate in your environment, the more damage they can do. – The goal is to reduce dwell time as much as possible, so attackers do not have time to achieve lateral movement and remove critical data. • Mean Time to Detection – What is it? The mean (average) time it takes to detect malicious or anomalous activity within an environment. – Why it matters: Identifying and containing an attacker, as quickly as possible, is of paramount importance to minimize damage. 8 Focus Areas To Reduce Dwell Time: 1. Fundamental security controls 2. Granular visibility and correlated intelligence 3. Continuous endpoint monitoring 4. Actionable prediction of human behavior 5. User awareness (user behavior analysis) 5 Examples:
  • 9. 9 THREAT HUNTING PROGRAM | Intelligence 6 • Buzzword within the industry; includes wide range (from malware analysis to traffic monitoring, to open source, or specific info from solution vendors, etc.) • The more granular, the better (need IPs, protocols, port numbers, domain names URLs, etc.) • Must be updated regularly (must be valid, relevant and timely) • Must have context to be actionable and to provide value to your threat hunting • Helps maximize the effectiveness of your security resources by allowing them to focus their time on the highest risk areas and high priority events • Focus more on TTPs and trends, rather than specific IoCs; think about how it may relate to known/on-going attack campaigns The use of information collection and analysis to provide guidance and direction to threat hunters in support of their theories and decisions.
  • 10. 1) Too much reliance on “hunting tools” or any singular data type: Logs lie Endpoint security tools miss things Vendors can’t fully automate hunting 2) Alert-centric workflows 3) Open loop processes 4) Bias and fatigue (mix it up to keep the work interesting) 5) Failure to keep up with latest news / intelligence 10 THREAT HUNTING PROGRAM | Risks
  • 11. COMPREHENSIVE APPROACH:  Network, host, and log data  Cyclical / Closed Loop Approach  Begin with a question, theory, or metric and work toward answering that question through research and proactive hunting.  Build repeatable process workflows and queries back into your tools, through custom content, as you learn.  Seek to reduce mean-time-to-detection and response; find intrusions and compromises more quickly, and earlier in the cyber attack chain  Train. Change it up. Train some more. Repeat.  Continuous learning; Revisit investigations and hunting techniques! 11 THREAT HUNTING PROGRAM | Summary

Editor's Notes

  • #8: Roles: Threat Analyst, Intrusion Analyst, Incident Handler