Is There a Difference Between Threat Hunting and Reviewing Your Detection Systems?

Guest: 

• John Stoner, Principal Security Strategist @ Google Cloud

Topics:

• Please define threat hunting  for us quickly, the term has been corrupted a bit

• What are your favorite beginner hunts to jump start the effort at a new team?

• How to incorporate hunting lessons in detection?

• What are the differences for hunting in the cloud?

• Are there specific data sources you prefer to have access to when threat hunting? In the cloud?

• Should every organization threat hunt?

• What are traits you might look for in a threat hunter?

Resources:

• “The Who, What, Where, When, Why and How of Effective Threat Hunting”

• Awesome Threat Detection and Hunting 

• “My “Aha!” Moment - Methods, Tips, & Lessons Learned in Threat Hunting” video

• NIST Computer Security Incident Handling Guide 800-61

• “Threat Hunting Is Not for Everyone” (2020)

• “Formulating An Intelligence-Driven Threat Hunting Methodology”  video