How to Succeed at Threat Hunting & IR: Think Differently about Data
Two pillars of a successful and proactive SOC are threat hunting and incident response. The use of network traffic analysis can help improve performance in these two areas, if you can trust the data. This session will explain how attackers can hide and misuse logs, agents, and standard security tools, and demonstrate effective approaches for countering their actions using network traffic analysis, passive monitoring, and real-time forensic data.
Join this session to learn:
- Current attack practices, including abuse of legitimate traffic and encryption
- Ways hunters can remain hidden from attackers to avoid counter-IR maneuvers
- Ideas for making analysts faster and more effective at validating, investigating, and responding to threats
- Options for enabling cross-training and on-the-job training to increase analyst skills
- How to gain visibility into cloud and encrypted traffic