Hunt Before the Incident

Adversaries compromise at will, penetrating today's signature- and IOC-dependent detection capabilities. Most incident responders are locked in a cycle of constant reaction to the fraction of activity that is known. Often, undetected attackers remain active in the network while reported incidents are remediated. A new approach is needed to break the cycle of reaction and eradicate the unknown.

An offense-based approach must be adopted. Hunting puts the defender on the offense, allowing for rapid detection and remediation of threats. This talk will cover how incident responders can hunt within their network. Our expert will discuss the techniques and best practices for hunting within their environment.

Speaker Bio: Paul Ewing is a Senior Threat Researcher at Endgame. He leads Endgame's adversary hunt efforts by prototyping analytics to detect malicious behaviors and techniques used by cyber threats. Paul has over 8 years of experience supporting incident responses and leading hunting teams within the Federal Government. His career began as a computer programmer, but transitioned from software design to the pursuit of Advanced Persistent Threats. Paul is a Mathematician, obtaining his degree from Pennsylvania State University.