Overview
This conference talk from BSides Tampa 2015 makes the case for proactive defense and threat hunting within organizations: why hunting is needed, what it is, and how to put it into practice. The hunting portion works through the host artifacts an analyst should examine, including running processes, process privileges, network activity, kernel drivers, and persistence mechanisms such as scheduled tasks and services, and considers where anti-virus and host intrusion prevention fit. The second half covers getting there organizationally: involving IT security and the incident response team before deployments, incident preparedness, turning documentation into internal training, securing executive support, and weighing spending on security against spending on IR preparedness. The talk closes with conclusions and a Q&A session.
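The hunting areas listed above can be exercised as a baseline diff: take a known-good snapshot of a host and flag where the current state departs from it. The following is an added example, not material from the talk or its speaker; it compares two constructed Windows host snapshots (not real telemetry) and reports anomalies in running processes, process privileges, network activity, kernel drivers, and persistence via scheduled tasks and services. The snapshot field names, the account privilege ranking and the list of system binary names are this example's own assumptions.

```python
"""Baseline-diff threat hunt across the host areas the talk lists.

Added example, not material from the BSides Tampa 2015 talk. Both snapshots
below are constructed test data; field names and account ranks are assumed.
"""
from __future__ import annotations
from dataclasses import dataclass

SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
KNOWN_SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe", "winlogon.exe"}
RANK = {"USER": 0, "ADMINISTRATOR": 1, "SYSTEM": 2}  # assumed privilege ordering


@dataclass(frozen=True)
class Finding:
    area: str     # hunting area that produced the finding
    subject: str  # image, driver, task or service concerned
    detail: str


def _norm(path: str) -> str:
    """Case-fold Windows paths so comparisons ignore casing differences."""
    return path.lower()


def _basename(path: str) -> str:
    return _norm(path).rsplit("\\", 1)[-1]


def hunt(baseline: dict, observed: dict) -> list[Finding]:
    """Return every deviation of `observed` from `baseline` worth an analyst's look."""
    findings: list[Finding] = []

    # 1. Running processes: images never seen before, and well-known system
    #    binary names launched from outside the system directories (masquerading).
    base_paths = {_norm(p["path"]) for p in baseline["processes"]}
    for p in observed["processes"]:
        path, name = _norm(p["path"]), _basename(p["path"])
        if path not in base_paths:
            findings.append(Finding("processes", name, f"image not in baseline: {p['path']}"))
        if name in KNOWN_SYSTEM_BINARIES and not path.startswith(SYSTEM_DIRS):
            findings.append(Finding("processes", name, f"system binary name outside system dirs: {p['path']}"))

    # 2. Process privileges: a known image now running under a more privileged account.
    base_user = {_norm(p["path"]): p["user"] for p in baseline["processes"]}
    for p in observed["processes"]:
        path = _norm(p["path"])
        if path in base_user and RANK[p["user"]] > RANK[base_user[path]]:
            findings.append(Finding("privileges", _basename(path),
                                    f"ran as {base_user[path]} in baseline, now {p['user']}"))

    # 3. Network activity: images with outbound connections that never talked out before.
    base_talkers = {_norm(c["image"]) for c in baseline["connections"]}
    for c in observed["connections"]:
        if _norm(c["image"]) not in base_talkers:
            findings.append(Finding("network", _basename(c["image"]),
                                    f"new outbound connection to {c['remote']}:{c['port']}"))

    # 4. Kernel drivers: unsigned, or loaded from a path the baseline never had.
    base_drivers = {_norm(d["path"]) for d in baseline["drivers"]}
    for d in observed["drivers"]:
        if not d["signed"]:
            findings.append(Finding("drivers", _basename(d["path"]), f"unsigned driver {d['path']}"))
        elif _norm(d["path"]) not in base_drivers:
            findings.append(Finding("drivers", _basename(d["path"]), f"driver not in baseline: {d['path']}"))

    # 5. Persistence: scheduled tasks and services that are new or whose command changed.
    for kind in ("tasks", "services"):
        base_cmd = {item["name"]: _norm(item["command"]) for item in baseline[kind]}
        for item in observed[kind]:
            if item["name"] not in base_cmd:
                findings.append(Finding("persistence", item["name"], f"new {kind[:-1]}: {item['command']}"))
            elif base_cmd[item["name"]] != _norm(item["command"]):
                findings.append(Finding("persistence", item["name"], f"{kind[:-1]} command changed to {item['command']}"))
    return findings


def count_by_area(findings: list[Finding]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.area] = counts.get(f.area, 0) + 1
    return counts


# Constructed snapshots (not captured from a real host); TEST-NET addresses used for remotes.
TEMP_SVCHOST = r"C:\Users\jdoe\AppData\Local\Temp\svchost.exe"
IEXPLORE = r"C:\Program Files\Internet Explorer\iexplore.exe"
BASELINE = {
    "processes": [{"path": r"C:\Windows\System32\svchost.exe", "user": "SYSTEM"},
                  {"path": r"C:\Windows\System32\lsass.exe", "user": "SYSTEM"},
                  {"path": r"C:\Windows\explorer.exe", "user": "USER"},
                  {"path": IEXPLORE, "user": "USER"}],
    "connections": [{"image": IEXPLORE, "remote": "203.0.113.10", "port": 443}],
    "drivers": [{"path": r"C:\Windows\System32\drivers\tcpip.sys", "signed": True}],
    "tasks": [{"name": r"\Microsoft\Windows\Defrag\ScheduledDefrag", "command": r"%windir%\system32\defrag.exe -c"}],
    "services": [{"name": "Spooler", "command": r"C:\Windows\System32\spoolsv.exe"}],
}
OBSERVED = {
    "processes": [{"path": r"C:\Windows\System32\svchost.exe", "user": "SYSTEM"},
                  {"path": r"C:\Windows\System32\lsass.exe", "user": "SYSTEM"},
                  {"path": r"C:\Windows\explorer.exe", "user": "SYSTEM"},  # privilege anomaly
                  {"path": IEXPLORE, "user": "USER"},
                  {"path": TEMP_SVCHOST, "user": "USER"}],                 # masquerading svchost
    "connections": [{"image": IEXPLORE, "remote": "203.0.113.10", "port": 443},
                    {"image": TEMP_SVCHOST, "remote": "198.51.100.7", "port": 8443}],
    "drivers": [{"path": r"C:\Windows\System32\drivers\tcpip.sys", "signed": True},
                {"path": r"C:\Windows\System32\drivers\hlp32.sys", "signed": False}],
    "tasks": [{"name": r"\Microsoft\Windows\Defrag\ScheduledDefrag", "command": r"%windir%\system32\defrag.exe -c"},
              {"name": r"\Updater", "command": TEMP_SVCHOST}],
    "services": [{"name": "Spooler", "command": TEMP_SVCHOST}],
}

if __name__ == "__main__":
    for f in hunt(BASELINE, OBSERVED):
        print(f"[{f.area}] {f.subject}: {f.detail}")
```

Run against the constructed data, the hunt surfaces seven findings: the masquerading svchost.exe twice (unknown image and a system binary name outside the system directories), explorer.exe elevated from USER to SYSTEM, the new outbound connection from the temp-path binary, the unsigned driver, and two persistence changes (a new scheduled task and the Spooler service retargeted). A real hunt would take the baseline from a freshly built reference host and the observed snapshot from the fleet, but the comparison logic is the same.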
Syllabus
Intro
Why is Threat Hunting Needed?
What is Threat Hunting?
Running Processes
Process Privileges
Network Activity
Kernel Drivers
Persistence Mechanisms
Scheduled Tasks
Services
Anti-Virus & HIPs
What is the End Result?
How Do You Get There?
IT Security Pre-Deployment
Incorporating the IR Team Pre-Deployment
Incident Preparedness
Utilizing Documentation
Documentation into Internal Training
About Executive Support...
Spending: Security vs IR Preparedness
Conclusions
Questions/Comments?