ProtectWise, profile picture
Uploaded byProtectWise
PDF, PPTX387 views

Building a Threat Hunting Practice in the Cloud

The document discusses building a threat hunting practice in the cloud, emphasizing the importance of being proactive in identifying unknown threats rather than just reacting to known ones. It outlines components necessary for effective threat hunting, including data collection, context, and analytics capabilities offered by cloud technology. Best practices for threat hunting and a call to action for continuous learning and collaboration are highlighted.

Software
Related topics:
Threat Hunting

Embed presentation

Download as PDF, PPTX
BUILDING A THREAT HUNTING PRACTICE IN THE CLOUD March 22, 2017
2 James Condon Director of Threat Research and Analysis ProtectWise Tom Hegel Senior Threat Researcher ProtectWise TODAY’S SPEAKERS
3 • Threat Hunting 101 • Requirements for Effective Threat Hunting • How the Cloud Can Help • Threat Hunting Best Practices • Questions • Next Steps TODAY’S AGENDA
4 THREAT HUNTING 101 Following anomalous behavior when or where it occurs to confirm whether it was an actual, active attack. Detection Catch and respond to known threats. vs. Hunting Identify detection gaps and unknown threats. Prevent future incidents.
5 WHY HUNT FOR THREATS? Be More Proactive Catch What is Unknown and New Increased Team Skill, More Fun
POLL QUESTION 6
Maturity Capability Best practice detection and blocking (AV, Firewall, SIEMs, etc.) Advanced detection with limited response capability Detection and response automation, correlation across tools Hunting, long-term data collection, retrospective forensic capabilities 7 HOW MATURE IS YOUR TEAM?
8 BEFORE YOU BEGIN Master Detection and Response Correlate Activity Between Tools Automate As Much As Possible Detect on Quality Over Quantity
9 REQUIREMENTS FOR EFFECTIVE THREAT HUNTING SearchIndexExtractStoreCapture Collect the Right Data Understand the Landscape
POLL QUESTION 10
HOW THE CLOUD CAN HELP 11 What do you get? ● Comprehensive context ● Continuous analysis ● Pervasive visibility Insight & Intelligence What does it give you? ● Unlimited storage ● Advanced analytics capabilities ● Unified haystack Scale & Power
12 DETECTION VS. HUNTING LOOPS Hunting is Proactive 1. Hypothesize 2. Test 3. Identify 4. Formalize Detection is Reactive 1. Activity observed 2. Engagement 3. Learn 4. Activity resolved 5. Tune Detection
● Foster an investigative mindset ● Develop and pursue leads ● Gather evidence ● Keep asking questions ● Avoid confirmation bias ● Avoid tunnel vision 13 THREAT HUNTING BEST PRACTICES
14 THE REALITY OF HUNTING AT SCALE ● Not always about an APT ● Embrace the analyst mindset ● Expand your knowledge ● Share and grow together ● Look beyond InfoSec rockstars
Differences between malicious & legitimate HTTP requests • Small number of headers • Headers out of order • Unusual or small User-Agents 15 MALICIOUS HTTP REQUEST EXAMPLES
QUICK RECAP 16 A great threat hunting practice... • … acts proactively (hunting), not reactively (detection). • … collects the right data, and know your landscape • … relies on the cloud for scalability and power you need. • … follows best practices, they make you more effective. • … is realistic about outcomes and results.
Q&A
18 NEXT STEPS • We’ll be sending you a copy of our whitepaper “A Comprehensive Start-Up Guide for Proactive Threat Hunting Across Time.” • Questions? Email sales@protectwise.com
THANK YOU www.protectwise.com

More Related Content

PPTX
Abstract Tools for Effective Threat Hunting
bychrissanders88
 
PDF
See Clearly and Respond Quickly from the Network to the Endpoint
byProtectWise
 
PDF
Threat Hunting 102: Beyond the Basics
byCybereason
 
PDF
Threat Hunting
bySplunk
 
PPTX
Building a Successful Threat Hunting Program
byCarl C. Manion
 
PPTX
Art into Science 2017 - Investigation Theory: A Cognitive Approach
bychrissanders88
 
PDF
Threat hunting 101 by Sandeep Singh
byOWASP Delhi
 
PPTX
Threats that Matter - Murray State University 2017
bychrissanders88
 
Abstract Tools for Effective Threat Hunting
bychrissanders88
 
See Clearly and Respond Quickly from the Network to the Endpoint
byProtectWise
 
Threat Hunting 102: Beyond the Basics
byCybereason
 
Threat Hunting
bySplunk
 
Building a Successful Threat Hunting Program
byCarl C. Manion
 
Art into Science 2017 - Investigation Theory: A Cognitive Approach
bychrissanders88
 
Threat hunting 101 by Sandeep Singh
byOWASP Delhi
 
Threats that Matter - Murray State University 2017
bychrissanders88
 

What's hot

PPTX
SOC2016 - The Investigation Labyrinth
bychrissanders88
 
PPTX
Cyber Threat Hunting with Phirelight
byHostway|HOSTING
 
PDF
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
byCrowdStrike
 
PDF
(SACON) Shomiron das gupta - threat hunting use cases
byPriyanka Aash
 
PPTX
What is Threat Hunting? - Panda Security
byPanda Security
 
PDF
Threat Hunting with Splunk Hands-on
bySplunk
 
PDF
Intelligence driven defense webinar
byThreatConnect
 
PPTX
Threat hunting - Every day is hunting season
byBen Boyd
 
PDF
Managing Indicator Deprecation in ThreatConnect
byThreatConnect
 
PDF
Save Time and Act Faster with Playbooks
byThreatConnect
 
PDF
MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...
byMITRE - ATT&CKcon
 
PPTX
Advanced Threat Hunting - Botconf 2017
byKevin Finley
 
PDF
Threat Hunting Procedures and Measurement Matrice
byVishal Kumar
 
PDF
Threat Hunting Report
byMorane Decriem
 
PPTX
The Diamond Model for Intrusion Analysis - Threat Intelligence
byThreatConnect
 
PDF
Enabling effective hunt teaming and incident response
byjeffmcjunkin
 
PDF
What's a MITRE with your Security?
byMITRE - ATT&CKcon
 
PPTX
Episode IV: A New Scope
byThreatConnect
 
PPTX
BSA2016 - Honeypots for Network Security Monitoring
bychrissanders88
 
PDF
MITRE ATT&CKcon 2.0: From Susceptible to ATT&CK - A Threat Hunting Story; Chr...
byMITRE - ATT&CKcon
 
SOC2016 - The Investigation Labyrinth
bychrissanders88
 
Cyber Threat Hunting with Phirelight
byHostway|HOSTING
 
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
byCrowdStrike
 
(SACON) Shomiron das gupta - threat hunting use cases
byPriyanka Aash
 
What is Threat Hunting? - Panda Security
byPanda Security
 
Threat Hunting with Splunk Hands-on
bySplunk
 
Intelligence driven defense webinar
byThreatConnect
 
Threat hunting - Every day is hunting season
byBen Boyd
 
Managing Indicator Deprecation in ThreatConnect
byThreatConnect
 
Save Time and Act Faster with Playbooks
byThreatConnect
 
MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...
byMITRE - ATT&CKcon
 
Advanced Threat Hunting - Botconf 2017
byKevin Finley
 
Threat Hunting Procedures and Measurement Matrice
byVishal Kumar
 
Threat Hunting Report
byMorane Decriem
 
The Diamond Model for Intrusion Analysis - Threat Intelligence
byThreatConnect
 
Enabling effective hunt teaming and incident response
byjeffmcjunkin
 
What's a MITRE with your Security?
byMITRE - ATT&CKcon
 
Episode IV: A New Scope
byThreatConnect
 
BSA2016 - Honeypots for Network Security Monitoring
bychrissanders88
 
MITRE ATT&CKcon 2.0: From Susceptible to ATT&CK - A Threat Hunting Story; Chr...
byMITRE - ATT&CKcon
 

Viewers also liked

PDF
RSAC 2016: How to Get into ICS Security
byChris Sistrunk
 
PDF
Education - Situational Awareness
by21Engineers
 
PDF
Pacific Tsunami Warning Center: Introduction to Enhanced Pacific Products and...
byBrian Shiro
 
PPTX
Essential components of a policy problem definition
byChiang Mai University School of Public Policy
 
PPT
Toward a Strategy of Public Warning
byJohn Fenzel
 
PDF
Threat Modeling web applications (2012 update)
byAntonio Fontes
 
PDF
Laser warning system
bydrdo012345
 
PDF
DEF CON 23 - NSM 101 for ICS
byChris Sistrunk
 
PDF
Warning in Libya: The Rise of an Imminent Threat
byInstitute for the Study of War
 
PPT
New technology - the threat to our information
byremoved_61d9bc777bdcf32e47407c12a194c79c
 
PPT
Application Threat Modeling
byMarco Morana
 
PDF
Threat Hunting with Splunk
bySplunk
 
PDF
SearchLove London | Will Critchlow, 'The Threat of Mobile'
byDistilled
 
PDF
Just Enough Threat Modeling
byStephen de Vries
 
PDF
Pacific Tsunami Warning Center: Introduction to Tsunamis and PTWC Operations
byBrian Shiro
 
KEY
Opportunity and Threat of External Environment
byNoonamsom
 
PPT
Russian assessment of missile threat
byRussian Embassy
 
PPTX
Part 3 Early Warning: The Five Pillars Of Disaster Resilience
byProfessor Eric K. Noji, M.D., MPH, DTMH(Lon), FRCP(UK)hon
 
PDF
Ballistic Missile Defense Review February 2010
byDepartment of Defense
 
PPTX
Threat Hunting with Splunk Hands-on
bySplunk
 
RSAC 2016: How to Get into ICS Security
byChris Sistrunk
 
Education - Situational Awareness
by21Engineers
 
Pacific Tsunami Warning Center: Introduction to Enhanced Pacific Products and...
byBrian Shiro
 
Essential components of a policy problem definition
byChiang Mai University School of Public Policy
 
Toward a Strategy of Public Warning
byJohn Fenzel
 
Threat Modeling web applications (2012 update)
byAntonio Fontes
 
Laser warning system
bydrdo012345
 
DEF CON 23 - NSM 101 for ICS
byChris Sistrunk
 
Warning in Libya: The Rise of an Imminent Threat
byInstitute for the Study of War
 
New technology - the threat to our information
byremoved_61d9bc777bdcf32e47407c12a194c79c
 
Application Threat Modeling
byMarco Morana
 
Threat Hunting with Splunk
bySplunk
 
SearchLove London | Will Critchlow, 'The Threat of Mobile'
byDistilled
 
Just Enough Threat Modeling
byStephen de Vries
 
Pacific Tsunami Warning Center: Introduction to Tsunamis and PTWC Operations
byBrian Shiro
 
Opportunity and Threat of External Environment
byNoonamsom
 
Russian assessment of missile threat
byRussian Embassy
 
Part 3 Early Warning: The Five Pillars Of Disaster Resilience
byProfessor Eric K. Noji, M.D., MPH, DTMH(Lon), FRCP(UK)hon
 
Ballistic Missile Defense Review February 2010
byDepartment of Defense
 
Threat Hunting with Splunk Hands-on
bySplunk
 

Similar to Building a Threat Hunting Practice in the Cloud

PPTX
Threat hunting foundations: People, process and technology.pptx
byInfosec
 
PPTX
Threat hunting and achieving security maturity
byDNIF
 
PPTX
ThreatHunt_Presentation.pptx for SIEM and SOAR
bycybergod246
 
PDF
Cyber Threat Hunting Meap V05 Chapters 1 To 8 Of 13 Nadhem Alfardan
bycawulineriku
 
PPTX
Threat hunting for Beginners
bySKMohamedKasim
 
PPTX
Threat hunting in cyber world
byAkash Sarode
 
PPTX
Cyber Threat Hunting Workshop
byDigit Oktavianto
 
PDF
Cyber Threat Hunting Workshop.pdf
byssuser4237d4
 
PDF
Cyber Threat Hunting Workshop.pdf
byssuser4237d4
 
PPTX
Threat_Hunting_Presentation (1).pptx for SIEM
bycybergod246
 
PPTX
Cyber Threat Hunting: Identify and Hunt Down Intruders
byInfosec
 
PPTX
Threat Hunting 101: Intro to Threat Detection and Incident Response
byInfocyte
 
PDF
Threat Hunting, Detection, and Incident Response in the Cloud
byBen Johnson
 
PDF
What Happens Before the Kill Chain
byOpenDNS
 
PDF
Hunting_GrrCON22.pdf
byPaül Jaramillo
 
PDF
cybersecurity-series-2019-threat-hunting.pdf
byCecilSu
 
PPTX
Threat Hunting: From Platitudes to Practical Application
byDefCamp
 
PPTX
IDSECCONF 2020 : A Tale Story of Building and Maturing Threat Hunting Program
byDigit Oktavianto
 
PPTX
Introduction to Threat Hunting in an SOC
bywininlifeacademy5
 
PDF
Enhancing Cyber threat hunting for your team | 2021
byKharimMchatta
 
Threat hunting foundations: People, process and technology.pptx
byInfosec
 
Threat hunting and achieving security maturity
byDNIF
 
ThreatHunt_Presentation.pptx for SIEM and SOAR
bycybergod246
 
Cyber Threat Hunting Meap V05 Chapters 1 To 8 Of 13 Nadhem Alfardan
bycawulineriku
 
Threat hunting for Beginners
bySKMohamedKasim
 
Threat hunting in cyber world
byAkash Sarode
 
Cyber Threat Hunting Workshop
byDigit Oktavianto
 
Cyber Threat Hunting Workshop.pdf
byssuser4237d4
 
Cyber Threat Hunting Workshop.pdf
byssuser4237d4
 
Threat_Hunting_Presentation (1).pptx for SIEM
bycybergod246
 
Cyber Threat Hunting: Identify and Hunt Down Intruders
byInfosec
 
Threat Hunting 101: Intro to Threat Detection and Incident Response
byInfocyte
 
Threat Hunting, Detection, and Incident Response in the Cloud
byBen Johnson
 
What Happens Before the Kill Chain
byOpenDNS
 
Hunting_GrrCON22.pdf
byPaül Jaramillo
 
cybersecurity-series-2019-threat-hunting.pdf
byCecilSu
 
Threat Hunting: From Platitudes to Practical Application
byDefCamp
 
IDSECCONF 2020 : A Tale Story of Building and Maturing Threat Hunting Program
byDigit Oktavianto
 
Introduction to Threat Hunting in an SOC
bywininlifeacademy5
 
Enhancing Cyber threat hunting for your team | 2021
byKharimMchatta
 

Recently uploaded

PDF
eresource Xcel ERP for Maunfacturing - Best Manufacturing ERP for SME
byeresource Infotech Pvt.Ltd
 
PDF
openstack_operations_slides_version1.3_pp.pdf
byssuser47d511
 
PDF
Odoo ERP Implementation Setup: Step-by-Step Process
byShiv Technolabs Pvt. Ltd.
 
PPTX
‘Analyzing Application Logs Using AI’ Webinar
byTier1 app
 
PPTX
‘Analyzing Application Logs Using AI’ Webinar
byTier1 app
 
PPTX
Best Digital Marketing Company in Lucknow
bydigitallearning9277
 
PPTX
Pitch Deck for MEVIA OS - No Apps, Infinite, Decentralized Operating System
byDr. Edwin Hernandez
 
PDF
Clean Architecture with Vertical Slice Architecture in .NET 8
byVineet Sharma
 
PDF
Taxi App UIUX Design for Seamless Ride Booking
byV3CUBE TECHNOLABS
 
PPTX
Salesforce Spring '26 Release presentation - Melbourne Salesforce User Group
byAnne N
 
PDF
On Demand Massage Therapist Booking App Development
byV3CUBE TECHNOLABS
 
PDF
Introduction to Modern Artificial Intelligence.pdf
byAI n Dot Net
 
PPTX
40m_wAIred_DigitalPlatformRabobank_10022026.pptx
bySimonedeGijt
 
PDF
Azure DevOps Services: Complete Guide to DevOps Tools, Automation & End-to-En...
byjohncarterjn
 
PDF
SAP ERP to SAP S_4HANA Cloud Private Edition Delta Scope
bychuck78
 
PPTX
GraphQL Day Paris 2025 | Bringing DevOps to GraphQL with the Apollo GraphOS O...
byapidays
 
PPTX
SAP S4 HANA Conversion and Migration .pptx
bysabeenakouser
 
PDF
Animated Safety Induction: A Smarter Way to Onboard for Workplace Safety
byTECH EHS Solution
 
PDF
Ontwikkel sneller en veiliger met GitHub Copilot
byDelta-N
 
PPTX
Prime Teams – Real-Time Employee Monitoring & Project Management Software
byPrime Teams
 
eresource Xcel ERP for Maunfacturing - Best Manufacturing ERP for SME
byeresource Infotech Pvt.Ltd
 
openstack_operations_slides_version1.3_pp.pdf
byssuser47d511
 
Odoo ERP Implementation Setup: Step-by-Step Process
byShiv Technolabs Pvt. Ltd.
 
‘Analyzing Application Logs Using AI’ Webinar
byTier1 app
 
‘Analyzing Application Logs Using AI’ Webinar
byTier1 app
 
Best Digital Marketing Company in Lucknow
bydigitallearning9277
 
Pitch Deck for MEVIA OS - No Apps, Infinite, Decentralized Operating System
byDr. Edwin Hernandez
 
Clean Architecture with Vertical Slice Architecture in .NET 8
byVineet Sharma
 
Taxi App UIUX Design for Seamless Ride Booking
byV3CUBE TECHNOLABS
 
Salesforce Spring '26 Release presentation - Melbourne Salesforce User Group
byAnne N
 
On Demand Massage Therapist Booking App Development
byV3CUBE TECHNOLABS
 
Introduction to Modern Artificial Intelligence.pdf
byAI n Dot Net
 
40m_wAIred_DigitalPlatformRabobank_10022026.pptx
bySimonedeGijt
 
Azure DevOps Services: Complete Guide to DevOps Tools, Automation & End-to-En...
byjohncarterjn
 
SAP ERP to SAP S_4HANA Cloud Private Edition Delta Scope
bychuck78
 
GraphQL Day Paris 2025 | Bringing DevOps to GraphQL with the Apollo GraphOS O...
byapidays
 
SAP S4 HANA Conversion and Migration .pptx
bysabeenakouser
 
Animated Safety Induction: A Smarter Way to Onboard for Workplace Safety
byTECH EHS Solution
 
Ontwikkel sneller en veiliger met GitHub Copilot
byDelta-N
 
Prime Teams – Real-Time Employee Monitoring & Project Management Software
byPrime Teams
 

Building a Threat Hunting Practice in the Cloud

  • 1.
    BUILDING A THREAT HUNTINGPRACTICE IN THE CLOUD March 22, 2017
  • 2.
    2 James Condon Director ofThreat Research and Analysis ProtectWise Tom Hegel Senior Threat Researcher ProtectWise TODAY’S SPEAKERS
  • 3.
    3 • Threat Hunting101 • Requirements for Effective Threat Hunting • How the Cloud Can Help • Threat Hunting Best Practices • Questions • Next Steps TODAY’S AGENDA
  • 4.
    4 THREAT HUNTING 101 Followinganomalous behavior when or where it occurs to confirm whether it was an actual, active attack. Detection Catch and respond to known threats. vs. Hunting Identify detection gaps and unknown threats. Prevent future incidents.
  • 5.
    5 WHY HUNT FORTHREATS? Be More Proactive Catch What is Unknown and New Increased Team Skill, More Fun
  • 6.
  • 7.
    Maturity Capability Best practice detection and blocking(AV, Firewall, SIEMs, etc.) Advanced detection with limited response capability Detection and response automation, correlation across tools Hunting, long-term data collection, retrospective forensic capabilities 7 HOW MATURE IS YOUR TEAM?
  • 8.
    8 BEFORE YOU BEGIN MasterDetection and Response Correlate Activity Between Tools Automate As Much As Possible Detect on Quality Over Quantity
  • 9.
    9 REQUIREMENTS FOR EFFECTIVETHREAT HUNTING SearchIndexExtractStoreCapture Collect the Right Data Understand the Landscape
  • 10.
  • 11.
    HOW THE CLOUDCAN HELP 11 What do you get? ● Comprehensive context ● Continuous analysis ● Pervasive visibility Insight & Intelligence What does it give you? ● Unlimited storage ● Advanced analytics capabilities ● Unified haystack Scale & Power
  • 12.
    12 DETECTION VS. HUNTINGLOOPS Hunting is Proactive 1. Hypothesize 2. Test 3. Identify 4. Formalize Detection is Reactive 1. Activity observed 2. Engagement 3. Learn 4. Activity resolved 5. Tune Detection
  • 13.
    ● Foster aninvestigative mindset ● Develop and pursue leads ● Gather evidence ● Keep asking questions ● Avoid confirmation bias ● Avoid tunnel vision 13 THREAT HUNTING BEST PRACTICES
  • 14.
    14 THE REALITY OFHUNTING AT SCALE ● Not always about an APT ● Embrace the analyst mindset ● Expand your knowledge ● Share and grow together ● Look beyond InfoSec rockstars
  • 15.
    Differences between malicious &legitimate HTTP requests • Small number of headers • Headers out of order • Unusual or small User-Agents 15 MALICIOUS HTTP REQUEST EXAMPLES
  • 16.
    QUICK RECAP 16 A greatthreat hunting practice... • … acts proactively (hunting), not reactively (detection). • … collects the right data, and know your landscape • … relies on the cloud for scalability and power you need. • … follows best practices, they make you more effective. • … is realistic about outcomes and results.
  • 17.
  • 18.
    18 NEXT STEPS • We’llbe sending you a copy of our whitepaper “A Comprehensive Start-Up Guide for Proactive Threat Hunting Across Time.” • Questions? Email sales@protectwise.com
  • 19.