Done right, threat hunting detects the malicious behaviours that your tools lack the insight to pick up on. It should increase the effort required of any threat actor attempting to harm your organisation and evade detection, thus closing the breach-detection gap and reducing your appeal as a target. But not all threat hunting is created equal, and very few teams are using it to its full potential.
This session, led by SOC Analyst Curtis Middlehurst, will explain how to design threat hunts that deplete threat actors’ resources and remove you from the low-hanging-fruit category. Focusing on our own security operations centre (SOC), he’ll demonstrate how threat intelligence (TI), MITRE ATT&CK®, the Pyramid of Pain, and other processes feed into a mature threat hunting methodology that’s effective against even your most sophisticated adversaries.
Curtis will end the session by putting the thinking into practice and deploying a threat hunt live during the session against Lazarus Group.
What you’ll learn:
• How threat hunting can be used to lower the risk, cost, and impact of cyberattacks against your organisation
• How to make threat hunting efficient as well as effective
• Where to set the bar when judging different approaches
• All about the Pyramid of Pain – what it is, why it was created, and how it should be used
• When to automate and when to go manual
• How to threat hunt with Microsoft Sentinel and other tools
• How to understand and measure the impact of threat hunting
This session will be most useful for:
• IT and security managers
• Threat hunters
• Security analysts
• Security engineers
• Security architects
• Digital transformation leaders