Wait… Are You Really Hunting Threats?

OVERVIEW

In a world where cyberattacks are increasing in number and becoming stealthier, it is essential to take the lead in uncovering attackers on the network that defensive tools have not detected; that is where threat hunting becomes relevant. Proactively searching for malicious activity, and understanding whether we are focusing on the actors that can actually affect our business, becomes crucial; relying on SOC detections alone will not be enough to catch sophisticated adversaries who change their behaviors and tradecraft. This presentation addresses that gap: it aims to help defenders start a threat-hunting process and gives them a guide to the most relevant points they should focus on, such as prioritizing the adversaries they want to detect according to business needs, while at the same time demystifying threat hunting. These points are fundamental to building a robust process that ensures you are on the right path to finding real threats and, in turn, reducing dwell time in our organizations. Finally, the author wants the audience to understand the impact of threat hunting on blue-team processes: translating hunting queries into long-running threat detections, adding further visibility to the SOC, and fostering Google’s “Hunt Once” rule.

Presented By

NATHALIE CORNEJO

Threat Hunter Team Lead