How to Successfully Implement a Global Threat Hunting Program
OVERVIEW
This talk is about my last five years of experience implementing a global threat hunting program in two Fortune 500 companies. In this talk, I will introduce the threat hunting concept and explain the following topics: what threat hunting is and what it is not; how to define the threat hunting process and sync it with the Incident Response process; how to use the Cyber Kill Chain, the Pyramid of Pain, and the MITRE ATT&CK Framework to develop your threat hunting mission; which data sources are recommended to start your threat hunting program; which techniques you can use during a threat hunting engagement; and a demo of a threat hunting engagement showing how to identify data exfiltration. I am also available to offer a hands-on threat hunting workshop.