Join Infocyte's Vice President of Customer and Partner Success, Chris Mills, for Threat Hunting 101: An intro to using Infocyte HUNT to detect, investigate, and respond to advanced persistent threats, file-less malware, and other sophisticated attacks.
Beyond these slides, please reference the video for additional insight and instruction on how to use our Threat Hunting and Incident Response platform.
2. Infocyte HUNT™ - Guide to Forensic State Analysis
Topics in the Threat Hunting 101 Webinar
Infocyte and Mitre ATT&CK
• Detect and Evict Malicious Actors to decrease dwell time.
Analyzing the Survey Results
• Discovery
• Correlation
• Understanding Enriched Data
Workflows and Best Practices
• Flags
• Documentation
• White / Black Listing
[Diagram: Asset Discovery & Scanning; Proactive Threat Hunting; levels 101 and 202]
Do I know all of my networked assets and where they are?
What applications are installed in my network? Which are vulnerable?
Many companies who have been breached don’t know it for weeks or months.
How can I detect and characterize these risks better?
3. Where Does Threat Hunting Fit?
Threat Hunting tools differ from traditional protection solutions in two ways:
1. Scope - What they look for (Indicators of Attack vs. Post-Compromise Presence)
2. Depth - How they look for it (IOCs/Signatures vs. Inspecting Memory, Outliers & Anomalies)
Threat Hunting is the proactive effort to detect and respond to threats that make it into a network before they can achieve their objectives.
[Diagram: Protection | Threat Hunting; ATT&CK™ https://attack.mitre.org/]
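The "Depth" point above (inspecting outliers and anomalies rather than matching known IOCs) and the "Discovery / Correlation" analysis from the topic list can be shown concretely with a least-frequency ("stacking") pass over a host survey: group what every host reports by file hash, flag hashes seen on very few hosts, and flag a common process name that is running from a path it is never seen in elsewhere on the fleet. The code below is an added example written for this page, not Infocyte's code or output; the survey records, hostnames, paths and hash strings are constructed placeholders, and the allowlist models a hash the team has already investigated and cleared.

```python
"""Least-frequency ("stacking") analysis over a constructed host survey."""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass

# Constructed fleet: five hypothetical hostnames.
HOSTS = ["ws01", "ws02", "ws03", "ws04", "ws05"]

# Processes seen on every host (placeholder hashes, not real SHA-256 values).
COMMON = [
    ("svchost.exe", r"C:\Windows\System32\svchost.exe", "aaaa1111"),
    ("explorer.exe", r"C:\Windows\explorer.exe", "bbbb2222"),
]

# One survey record per (host, process) observation.
SURVEY = [
    {"host": h, "process": p, "path": path, "sha256": sha}
    for h in HOSTS
    for (p, path, sha) in COMMON
]
SURVEY += [
    # A single host running a file named like a system process from an odd path.
    {"host": "ws03", "process": "svchost.exe",
     "path": r"C:\Users\Public\svchost.exe", "sha256": "cccc3333"},
    # A rare but legitimate backup tool that has already been cleared.
    {"host": "ws04", "process": "backup.exe",
     "path": r"C:\Program Files\Backup\backup.exe", "sha256": "dddd4444"},
]

# Hashes the team has already investigated and documented as good.
ALLOWLIST = frozenset({"dddd4444"})


@dataclass(frozen=True)
class Finding:
    sha256: str
    processes: tuple[str, ...]
    hosts: tuple[str, ...]
    reasons: tuple[str, ...]


def stack_by_hash(survey):
    """Group records by hash -> the process names, paths and hosts it was seen with."""
    groups = defaultdict(lambda: {"processes": set(), "paths": set(), "hosts": set()})
    for rec in survey:
        g = groups[rec["sha256"]]
        g["processes"].add(rec["process"].lower())
        g["paths"].add(rec["path"].lower())
        g["hosts"].add(rec["host"])
    return groups


def find_outliers(survey, fleet_size, max_prevalence=0.2, allowlist=frozenset()):
    """Return hashes that are rare across the fleet or masquerade as a common process."""
    groups = stack_by_hash(survey)

    # Paths a process name is normally seen in, learned from the prevalent hashes only.
    common_paths = defaultdict(set)
    for g in groups.values():
        if len(g["hosts"]) / fleet_size > max_prevalence:
            for name in g["processes"]:
                common_paths[name] |= g["paths"]

    findings = []
    for sha, g in groups.items():
        if sha in allowlist:
            continue  # already investigated and documented; keep the inbox clean
        reasons = []
        if len(g["hosts"]) / fleet_size <= max_prevalence:
            reasons.append(f"rare: seen on {len(g['hosts'])}/{fleet_size} hosts")
        for name in g["processes"]:
            # Same name as a fleet-wide process, but never from one of its usual paths.
            if name in common_paths and not (g["paths"] & common_paths[name]):
                reasons.append(f"{name} running from an unusual path")
        if reasons:
            findings.append(Finding(sha, tuple(sorted(g["processes"])),
                                    tuple(sorted(g["hosts"])), tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in find_outliers(SURVEY, len(HOSTS), allowlist=ALLOWLIST):
        print(f.sha256, f.processes, f.hosts, "; ".join(f.reasons))
```

Run as written, the only finding is the `cccc3333` file on `ws03`, flagged both for prevalence (one host out of five) and because `svchost.exe` is never seen outside `System32` on the rest of the fleet; the cleared backup tool is suppressed by the allowlist. The prevalence threshold is the knob to tune per fleet size: a hash on 1 of 5 hosts is an outlier, a hash on 1 of 50,000 is a much stronger one.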
4. Infocyte HUNT™ - Guide to Forensic State Analysis
Validating integrity via live forensic analysis of a set of hosts
Everything you learn is useless… unless…
• Maintain a repeatable and enforceable process and policy around threat hunting.
• Analyze → Document → Remediate → Analyze (a repeating cycle)
• Make a commitment for your team to dedicate a set amount of time each day or week to attacking the threats.
• Address the high level threats
• Research the suspicious
• Keep the Inbox clean
• Look to securing your future against vulnerabilities