Framing Threat Hunting in the Enterprise - SANS Threat Hunting Summit 2017

There is a tendency to focus on purely technical solutions to the problem of unknown attackers in our networks. This ignores the need to justify the high cost of those technical solutions and of the technical people who run them. By wrapping a proper hunting framework around the technical expertise, we can satisfy both the need to be technically proficient and the need to generate the support and communication that sustain the maturation of the hunting program and the growth of the organization as a whole. The Threat Hunting Framework introduced in this talk provides an evidence-based methodology for meeting these goals. The talk focuses on how to take the hunting already being done in your environment and leverage it for the growth of the organization. Beyond the technical challenges of hunting, of which there are many, there are organizational challenges in how we approach hunting at a programmatic level. At the root of hunting lies its cost to the organization, which can hamper the growth and maturation of an organization's hunting efforts. This talk presents a systematic way to frame hunting within the organization that enables technical staff to take the weekly activities of hunting and leverage them to promote the maturation of the hunting program, the organization's ability to detect threats, and the overall growth of the organization.

Joseph Ten Eyck (@joseph.teneyck), Lead Information Security Analyst, Target Corporation