Hunting Them All

Threat hunting is a fascinating field that, starting from the assumption of compromise, sets out to find and identify threats already present in a given network. Looking for threats in a network is challenging, because you assume that the unknown threat you are looking for has already bypassed all the security mechanisms in place. Can you imagine doing threat hunting at big scale? Now imagine doing threat hunting at a really big, big scale.

This talk will walk you through my experience as a threat hunter in hundreds of networks simultaneously, covering more than a million hosts. I will explain how the right combination of different Machine Learning techniques makes this possible, and also the challenges and limitations we often face when working with big data. The talk will be illustrated with the methodologies used and a technical explanation of novel findings from the 2 years of hunting I have experienced.

If I have the data, can I hunt them all? Join me in my attempt to hunt them all.

