lwalke at April 19, 2018
This was a great presentation. Ben Johnson did a great job in making good points about the importance of continuous reporting, automation of detection and context reporting. The presentation also talks about the importance of having good IT hygiene to be able to efficiently farm your network, to help your hunting process. Overall, I personally found a lot of useful information I can use.
rjvander at April 29, 2018
Very worthwhile talk on threat hunting. Some of the more salient points that I will mention here are "compromise is inevitable" and "farming before hunting". No matter how good your perimeter defenses are, a motivated attacker will almost always penetrate your network. Hunting for specific IOCs or behavioral anomalies should become standard practice instead of just an afterthought. Farming for intelligence on your network and supplementing that with cyber threat intelligence from outside sources will help you look for malicious actors on your network.
osufitchi at May 01, 2018
Good talk on threat hunting. I appreciate that the speaker tied technical pieces and data analytics to threat hunting together. Finding anomalies has become increasingly easier with the help of powerful data analytics tools, such as SAS software. Threats, such as malicious insiders, need to work harder today when trying to blend in with innocent environments.
djoseph4 at May 04, 2018
I agree with all of the above comments. This information is definitely good to know, especially in relation to forensics. I really liked that he mentioned thinking about the insider and doing threat hunting in relation to that. Insider threats are going to continue to be a problem, so we have to keep them in mind at all times.
kzurowsk at June 16, 2018
I agree with his comments that a reactive model is ineffective, and you have to have detection and threat hunting. However, for many companies, reactions are the norm. CEOs do not want to pay for security, because it doesn't drive profits. It's like he mentions the two security engineers processing hundreds of alerts at a time; there's a lot of manpower that goes into detection. It pays off in the long run, but people don't always see that.