Security analysts can move past traditional Indicators of Compromise from threat intel, such as domains, hashes, URLs, and IP addresses. These indicators typically aren’t valid shortly after the incidents happen. Modern threat hunting means doing things like reading recent and relevant security articles, pulling out behaviors that attackers are using, such as commands like net group "domain admins" or RDPing from workstation to workstation, and translating those into threat hunting queries. I will talk about how to start small and will give a few examples where we proactively found evil in our environment.
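The two behaviors named in the abstract above, net group "domain admins" and workstation-to-workstation RDP, written as hunting logic over constructed events. This is an added example, not material from the episode or the speaker. The normalized field names, the WKS- workstation naming convention and all sample data are assumptions.

```python
import re

# Constructed sample events (not real telemetry). "process_start" stands in for
# Windows event 4688 and "logon" for event 4624; logon_type 10 is RemoteInteractive (RDP).
# Field names are hypothetical normalized fields, not a specific SIEM schema.
EVENTS = [
    {"type": "process_start", "host": "WKS-014", "user": "jdoe",
     "cmd": 'net  group "Domain Admins" /domain'},
    {"type": "process_start", "host": "WKS-020", "user": "asmith",
     "cmd": r"net use Z: \\fs01\share"},
    {"type": "process_start", "host": "WKS-014", "user": "jdoe",
     "cmd": 'net1.exe GROUP "domain admins" /do'},
    {"type": "logon", "host": "WKS-031", "user": "jdoe", "logon_type": 10, "src_host": "WKS-014"},
    {"type": "logon", "host": "SRV-DB01", "user": "admin1", "logon_type": 10, "src_host": "WKS-002"},
    {"type": "logon", "host": "WKS-031", "user": "svc", "logon_type": 3, "src_host": "WKS-014"},
]

# Matches net/net1, optional .exe, any spacing or case, optional quotes.
NET_GROUP_DA = re.compile(r'\bnet1?(?:\.exe)?\s+group\s+"?domain\s+admins"?', re.I)
# Assumed naming convention: workstation hostnames start with "WKS-".
WORKSTATION = re.compile(r"^WKS-", re.I)

def hunt_domain_admin_enum(events):
    """Hosts and users that enumerated the Domain Admins group."""
    return [(e["host"], e["user"]) for e in events
            if e["type"] == "process_start" and NET_GROUP_DA.search(e["cmd"])]

def hunt_wks_to_wks_rdp(events):
    """RDP logons where both source and destination are workstations."""
    return [(e["src_host"], e["host"], e["user"]) for e in events
            if e["type"] == "logon" and e.get("logon_type") == 10
            and WORKSTATION.match(e["src_host"]) and WORKSTATION.match(e["host"])]

def correlate(events):
    """Hosts showing both behaviors: higher priority for triage."""
    enum_hosts = {host for host, _ in hunt_domain_admin_enum(events)}
    rdp_sources = {src for src, _, _ in hunt_wks_to_wks_rdp(events)}
    return enum_hosts & rdp_sources

if __name__ == "__main__":
    print("Domain Admins enumeration:", hunt_domain_admin_enum(EVENTS))
    print("Workstation-to-workstation RDP:", hunt_wks_to_wks_rdp(EVENTS))
    print("Hosts with both behaviors:", correlate(EVENTS))
```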
Visit https://www.securityweekly.com/esw for all the latest episodes!
Modern Threat Hunting with your SIEM on a $0 Budget
Ryan Fried – Senior Security Engineer at Brooks Running
Ryan holds a master's degree in cyber security, has worked in the cybersecurity field for 9 years, and has worked as an adjunct professor teaching cyber security at a college for 7 years. Currently Ryan works for Brooks Running as a senior security analyst, specializing in security automation, network segmentation and purple teaming.
Adrian Sanabria – Director of Product Management at Tenchi Security
Adrian is an outspoken researcher who doesn’t shy away from uncomfortable truths. He loves to write about the security industry, tell stories, and still sees the glass as half full.
John Kinsella – Co-founder & CTO at Cysense
John Kinsella is the Co-founder & CTO of Cysense.
Katie Teitler – Senior Security Strategist at Axonius
Katie Teitler is a cybersecurity content creator. In her current role with Axonius, she is part of the product marketing team, helping audiences understand the value proposition of cyber asset management as it pertains to risk reduction. In past roles, Katie was an industry analyst, research director, content marketer, and freelance author, and managed content and speakers for InfoSec World, now a flagship offering of the Cyber Risk Alliance.