Hunting for the unknowns...Where to start?
Summary
This article discusses the challenges of threat hunting in complex IT environments with vast amounts of data from various sources. It highlights a presentation by John Bambenek offering practical techniques for analyzing security data to uncover previously unknown threats and build custom detection methods.
IFF Assessment
FRIEND
This is good news for defenders, as the presentation provides actionable advice and strategies for improving threat detection capabilities.
Defender Context
Defenders need to develop proactive hunting strategies to identify threats that bypass existing security controls. This involves mastering data analysis techniques and building custom detection logic based on the unique telemetry of their environment.