Threat Hunting Research Methodology: A Data Driven Approach by Roberto & Jose Luis Rodriguez



Insomni'hack 2019
Title: Threat Hunting Research Methodology: A Data Driven Approach
Speakers: Roberto Rodriguez (@cyb3rward0g), SpecterOps & Jose Luis Rodriguez (@cyb3rPandah)

Threat hunting as a process is still being defined for many organizations across various industries, which makes justifying its budget even harder. Some security teams do not have a formalized team in place and see threat hunting as an informal, ad-hoc procedure in which finding malicious activity becomes the responsibility of every cyber security employee. Others see threat hunting as a formalized process that requires a full-time team focused on creating detection strategies for adversaries even when those adversaries are not present in the production environment. However it is defined, there is still uncertainty about the impact threat hunting has on the security posture of an organization. In addition, organizations believe that buying more tools and hiring more people will solve their problem, while disregarding the fact that they might not even have the right data to start with. In this presentation, we will share a threat hunting research methodology that focuses on assessing what an organization has and needs from a data perspective in order to validate the detection of an adversary. This talk will show organizations how they can assess the collection and quality of their data and create data analytics to set their teams up for more effective engagements in production networks.

source: https://www.youtube.com/watch?v=DuUF-zXUzPs

For more news, visit: https://sectemple.blogspot.com/
