A Threat Hunters Methodology: Enhancing your Security Operation Center
Enabling the right event logging and centralizing the collection of different data sources is finally becoming a basic security standard. Collecting and storing security event data has become an inexpensive task for organizations of all sizes. Even though this has allowed companies to increase the level of visibility from a data perspective, there are multiple challenges that analysts still face because of the amount of data being collected. Traditional SIEM capabilities are not cutting it anymore and they are limiting the way that data can be described or analyzed. In addition, not only do security analysts need the right technology, but it is also very important to have a well defined methodology when hunting for adversarial techniques.
Trying to find the needle in the haystack is becoming a little bit more challenging. The idea now is to find relationships & structural patterns among potential needles in the haystack and identify the most interesting ones. This is the basis of threat hunting and it calls for complementary advanced analytic techniques, and a structured approach via adversarial detection playbooks that go beyond ad-hoc hunting operations. In this workshop, we will focus on showing the whole process of consuming diverse datasets from endpoints, standardizing all the data, creating the right data analytics, and prototyping future hunting engagements via the development of hunting playbooks.
This course aims to provide you enough knowledge about the technology used to expedite ingestion and analysis of security events, and the methodology used for SpecterOps to plan and execute hunting engagements across several organizations.