Cyber threat hunting is a proactive, iterative, human-driven process for finding threats that are already inside a network and have not been caught by existing security controls. Attackers can now remain inside a network for a long time, collecting information and moving laterally without anyone noticing. This is where threat hunting comes in.
Threat hunting is based on the concept of "assumed breach". It helps businesses answer questions such as: How do we know when we have been breached? What evidence do we have for this? And how do we use this information to improve our security?
Using the knowledge gained through threat intelligence, threat hunters can track down adversaries within the network and locate Indicators of Compromise (IoCs).
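The intelligence-driven part of that process, sweeping a set of indicators across endpoint and network telemetry and then pivoting on the asset that touched them, is shown below as an added example; it is not workshop material. The indicator feed, the log lines and their field names (client=, src=, host=) are constructed for illustration.

```python
"""IoC sweep: match a threat-intelligence indicator set against endpoint and
network log lines, then pivot the hits by source asset.
Added example, not part of the workshop material; the indicators, log lines
and field names below are constructed for illustration."""
import re
from collections import defaultdict

# Constructed threat-intel feed (not real indicators).
IOC_FEED = {
    "ip":     {"203.0.113.45"},
    "domain": {"update-cdn.example.net"},
    "sha256": {"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"},
}

# Constructed sample logs: a DNS log, a proxy log and an endpoint (EDR) process log.
SAMPLE_LOGS = [
    "2024-05-01T10:02:11Z dns client=10.0.0.17 query=update-cdn.example.net type=A",
    "2024-05-01T10:02:12Z proxy src=10.0.0.17 dst=203.0.113.45:443 bytes=5120",
    "2024-05-01T10:02:30Z edr host=WS17 user=jdoe proc=svchost.exe "
    "sha256=9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
    "2024-05-01T10:03:00Z proxy src=10.0.0.22 dst=198.51.100.7:443 bytes=220",
]

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Loose on purpose: also picks up things like "svchost.exe"; the feed lookup filters them.
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
SHA256_RE = re.compile(r"\b[0-9a-f]{64}\b", re.I)
SOURCE_RE = re.compile(r"\b(?:client|src|host)=(\S+)")


def extract_observables(line):
    """Pull candidate IPs, domains and SHA-256 hashes out of one log line."""
    return {
        "ip": set(IP_RE.findall(line)),
        "domain": {d.lower() for d in DOMAIN_RE.findall(line)},
        "sha256": {h.lower() for h in SHA256_RE.findall(line)},
    }


def sweep(lines, feed=IOC_FEED):
    """Return a list of (line, ioc_type, indicator) for every feed match."""
    hits = []
    for line in lines:
        for kind, values in extract_observables(line).items():
            for value in values & feed[kind]:
                hits.append((line, kind, value))
    return hits


def pivot_by_source(hits):
    """Group hits by the log's source field (client=/src=/host=) so the hunter
    sees which asset touched several indicators: two hits on one host are a
    stronger lead than one hit on each of two hosts."""
    by_source = defaultdict(set)
    for line, kind, value in hits:
        m = SOURCE_RE.search(line)
        by_source[m.group(1) if m else "unknown"].add((kind, value))
    return dict(by_source)


if __name__ == "__main__":
    for source, indicators in pivot_by_source(sweep(SAMPLE_LOGS)).items():
        print(source, sorted(indicators))
```

Running it yields two correlated indicator hits for 10.0.0.17 (the DNS lookup and the proxy connection) and a hash hit on WS17; the proxy line for 10.0.0.22 matches nothing. In a real hunt the next step is to join 10.0.0.17 to a hostname and owner and check whether WS17 is the same machine.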
Training content in general
- Introduction to Threat Hunting
- Threat Hunting Use Cases
- Hunting for The Indication of Compromise (IoC)
- Threat Hunting Methods
- Who Should Attend?
Why this workshop?
- Sophisticated threats are bypassing both perimeter and endpoint security.
- Increase the speed and accuracy of incident response
- Understand and reduce attack surface exposure; harden the network and endpoints.
- Reduce the time an adversary dwells on the network unnoticed.
- Detect/prevent the spread of the attack and lateral movement.
- Collect evidence of compromise.
At the end of this workshop the participants should be able to:
- Define Cyber Threat Hunting and explain its value to an organization
- Understand the Threat Hunting process
- Know the difference between Cyber Threat Intelligence, Threat Hunting and Incident Response, and how they are related and can be used together
- Learn what data to collect and where to collect it
- Leverage both endpoint and network data for successful hunting
- Understand how to hunt for threats in your organization’s systems and network
- Understand the Hunting Maturity Model to measure your organization’s hunting capability
- Learn how to find and investigate malware, phishing, lateral movement, data exfiltration, and other common threats
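A hypothesis-driven hunt of the kind the last objective refers to is shown below as an added example, not part of the workshop: the hypothesis is that an account authenticating over the network to many distinct hosts in a short window is moving laterally. The events are constructed and only loosely modelled on Windows successful-logon (4624) fields; the window, threshold and baseline account list are illustrative assumptions a hunter would tune for their own environment.

```python
"""Hypothesis-driven hunt for lateral movement over endpoint logon telemetry.
Added example, not workshop material; events, window, threshold and the
baseline account list are constructed assumptions for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed events loosely modelled on Windows 4624 fields:
# (timestamp, target_host, account, logon_type, source_ip). Logon type 3 = network.
EVENTS = [
    ("2024-05-01T09:00:00", "FS01", "svc_backup", 3, "10.0.0.5"),
    ("2024-05-01T09:00:05", "FS02", "svc_backup", 3, "10.0.0.5"),
    ("2024-05-01T09:00:07", "FS03", "svc_backup", 3, "10.0.0.5"),
    ("2024-05-01T13:12:00", "WS17", "jdoe", 2, "-"),
    ("2024-05-01T13:15:10", "WS21", "jdoe", 3, "10.0.0.17"),
    ("2024-05-01T13:15:14", "WS22", "jdoe", 3, "10.0.0.17"),
    ("2024-05-01T13:15:19", "WS23", "jdoe", 3, "10.0.0.17"),
    ("2024-05-01T13:15:25", "FS01", "jdoe", 3, "10.0.0.17"),
    ("2024-05-01T13:15:31", "DC01", "jdoe", 3, "10.0.0.17"),
]

# Accounts whose fan-out is expected (backup, vulnerability scanner, ...). A hunter
# keeps this baseline as data, so the same hypothesis reruns as the environment changes.
BASELINE = {"svc_backup"}


def hunt_fanout(events, window=timedelta(minutes=5), threshold=4, baseline=BASELINE):
    """Flag (account, source_ip) pairs with network logons to at least
    `threshold` distinct hosts inside any sliding `window`. Returns findings."""
    per_actor = defaultdict(list)
    for ts, host, account, logon_type, src in events:
        if logon_type != 3 or account in baseline:   # interactive logons and baseline excluded
            continue
        per_actor[(account, src)].append((datetime.fromisoformat(ts), host))

    findings = []
    for (account, src), logons in per_actor.items():
        logons.sort()
        for i, (start, _) in enumerate(logons):
            hosts = {h for t, h in logons[i:] if t - start <= window}
            if len(hosts) >= threshold:
                findings.append({
                    "account": account,
                    "source": src,
                    "first_seen": start.isoformat(),
                    "hosts": sorted(hosts),
                })
                break   # one finding per actor is enough to open an investigation
    return findings


if __name__ == "__main__":
    for finding in hunt_fanout(EVENTS):
        print(finding)
```

On the constructed data the only finding is jdoe from 10.0.0.17 reaching five hosts, including a domain controller, in about twenty seconds; svc_backup is suppressed by the baseline, and the interactive logon on WS17 is ignored because it is not a network logon. The finding is a lead, not a verdict: the hunter then pulls process and network data from WS17 and the five targets to confirm or refute the hypothesis, which is where hunting hands off to incident response.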
Who Should Attend?
- Network security professionals
- Incident responders.
- Penetration testers
- Red team members and other white hats
- Security analysts
- Security consultants and auditors
- Managers wanting to create threat-hunting teams
Prerequisites
- A basic understanding of information security concepts
- A working understanding of networking devices and protocols
- Exposure to network monitoring and pentesting tools and methodology