Toppling the Stack: Outlier Detection for Threat Hunters - SANS Threat Hunting Summit 2017
So much of what we do as hunters is based on finding oddballs, but most published hunt procedures seem to rely on a single method: stack counting. In this session, we’ll examine a few other ways of finding outliers in your data, with samples and use cases for each.
David J. Bianco (@davidjbianco), Principal Engineer, Cyber Security, Target
David has over 20 years' experience in the information security field, with the last 15 focusing on incident detection and response. He is active in the DFIR and Threat Hunting community, speaking and writing on the subjects of detection planning, threat intelligence and threat hunting. He is the principal contributor to The ThreatHunting Project (http://ThreatHunting.net) and a member of the MLSec Project (http://www.mlsecproject.org). You can follow him on Twitter as @DavidJBianco or subscribe to his blog, "Enterprise Detection & Response" (http://detect-respond.blogspot.com).
Video: Toppling the Stack: Outlier Detection for Threat Hunters - SANS Threat Hunting Summit 2017, from the channel SANS Digital Forensics and Incident Response
Video information
Published: 3 May 2017, 1:31:13
Duration: 00:39:30