Search Icon
Register

Continuous Threat Hunting: Expanding beyond alerts to detect modern threats with rigorous, repeatable threat hunting.

Cherlynn Cha (ExpressVPN)

Alerts serve as the backbone of most SOCs, but alerts alone cannot detect modern, advanced threats without being so noisy that they quickly induce analyst fatigue. Threat hunting has arisen as a complement to alerting, but most SOCs do not operationalize threat hunting with the same rigor as alerting. In this session, we will discuss how SOC teams can overcome this through a model we call Continuous Threat Hunting: using analytic-driven methods to cover more data, but with a standardized approach designed to produce repeatability, effectiveness, and confidence in result.

View More Papers

Automating Remediation: Accelerating Mean Time to Response for Externally...

Johnathan Wilkes, John Anny (Palo Alto Networks)

Read More

On Precisely Detecting Censorship Circumvention in Real-World Networks

Ryan Wails (Georgetown University, U.S. Naval Research Laboratory), George Arnold Sullivan (University of California, San Diego), Micah Sherr (Georgetown University), Rob Jansen (U.S. Naval Research Laboratory)

Read More

Detection-as-Code: Build threat detections the way you build software

Cherlynn Cha (ExpressVPN)

Read More

A Comparative Analysis of Difficulty Between Log and Graph-Based...

Matt Jansen, Rakesh Bobba, Dave Nevin (Oregon State University)

Read More