5 of the most significant challenges in threat hunting and how to address them
Threat hunting is generally described as a discipline that involves iteratively looking for threats that have bypassed existing security infrastructure. In practice, threat hunting is currently done by many different kinds of people, using a variety of tools and techniques.
There are various challenges associated with threat hunting, among them finding the needle in the haystack and doing so quickly, without compromising on quality and correctness, especially (though not solely) in a large-scale and distributed environment.
The penalty for being too slow and/or incorrect and/or missing the needle altogether is severe. In this talk, Daniel will share lessons learnt and what we consider to be best practices, based on 5 of the most significant challenges that people face when doing threat hunting work.