Q&A With Hunting Expert Eric Cole

Join us for a Q&A session with SANS Fellow Dr. Eric Cole, as we explore current hunting trends and best practices from Dr. Cole's 20+ years of infosec experience. We'll be diving into topics like:

- Network vs. host-based hunting
- How to jump-start a hunting program
- Current and future trends in threat hunting
Recorded: Dec 21 2017 13 mins
Presented by
Dr. Eric Cole, SANS Fellow, Security Author/Teacher
  • Channel profile
  • The Role of Intelligence in Hunting: Spotlight Interview with Keith Gilbert Recorded: Nov 9 2017 13 mins
    Keith Gilbert, Threat Researcher and Security Technologist, Sqrrl
    Veteran threat researcher Keith Gilbert sits down for an interview on threat intelligence in hunting. Watch to learn about:

    - How to convert data into actionable threat intel
    - Best techniques for leveraging threat intel on a hunt
    - Tips and best practices from Keith's threat hunting career
  • Offensive Countermeasures: Threat Hunting Spotlight with Matthew Hosburgh Recorded: Sep 14 2017 23 mins
    Matthew Hosburgh, Cyber Threat Hunter, Radian
    Join us for a new spotlight interview with Matthew Hosburgh, threat hunter for Radian. We'll be talking about:

    - Offensive Countermeasures/Decoy Platforms: what they are, and how to use them
    - How to build a threat hunting program
    - Threat hunting vs. alert-based investigations
  • Hunter Spotlight with Samuel Alonso: Gaining Network Visibility Recorded: Aug 10 2017 28 mins
    Samuel Alonso, Senior Cybersecurity Analyst
    In this half-hour interview, Sqrrl sits down with experienced hunter Samuel Alonso for his best advice on threat hunting, focusing on:

    - Gaining network visibility (best tools, data sources, and more)
    - Samuel's experience as a threat hunter and lessons learned
    - Practical tips for both new and experienced hunters

    About the Threat Hunter:
    Samuel is a Senior Cybersecurity Analyst, formerly working at KPMG. He has extensive experience in threat hunting, information security practices, and business development,
  • Knowing and Pivoting Through Your Data (Hunter Spotlight) Recorded: Jul 19 2017 32 mins
    Chris Sanders, Founder, Applied Network Defense
    In this month's hunter spotlight, we sit down with Chris Sanders, a veteran hunter with over 10 years' experience, as we discuss:
    - How to manage different data sources for hunting
    - Best pivoting practices and rules of thumb
    - How to convert findings into actionable intelligence
    - Techniques for reducing evidence abstraction
  • Threat Hunting: Past, Present, and Future Recorded: Jul 11 2017 52 mins
    Richard Bejtlich, Security Author, Brookings Fellow
    This panel reunites the original GE CIRT incident handlers to share their perspective on threat hunting's origins and current direction. Topics include:

    - Foundations, principles, and how to get started
    - Requirements, data sources, and visibility
    - Early technologies and approaches
    - Personnel development and mentoring
    - Challenges, especially at scale
  • Hunter Spotlight: Interview with Danny Akacki, Fortune 100 Hunter Recorded: Jun 22 2017 33 mins
    Danny Akacki, Threat Hunter, Fortune 100 Company
    Danny Akacki works on the Hunt Team for a Fortune 100 Finance Company. In this interview, Danny will share his experiences hunting and discuss:

    1. What makes a good hunter?
    2. What makes a good hunt program?
    3. How mature does an org need to be in order to benefit from a hunting program?
    4. Why should you avoid hunting before your org is ready?
    5. What's the difference between an investigation and a hunt?
  • Hunting From Network to Endpoint (Hunter Spotlight) Recorded: May 25 2017 31 mins
    Ryan Nolette, Hunter and security technologist at Sqrrl
    Ryan Nolette, Sqrrl's hunter and security technologist, will break down:
    • Determining what endpoints to investigate in a hunt
    • Pivoting from network to endpoint investigations
    • Essential tools and best practices for endpoint hunting

    About the hunter:
    Ryan is Sqrrl's primary security technologist and expert. He has previously held a variety of roles including threat research, incident response consulting, and every level of security operations. With over a decade in the infosec field, Ryan has been on the product and operations side of companies such as Carbon Black, Crossbeam Systems, SecureWorks and Fidelity. Ryan has been an active speaker and writer on threat hunting and endpoint security.
  • Conducive Environments for Successful Threat Hunting (Hunter Spotlight) Recorded: May 24 2017 32 mins
    Jason Smith, Security Operations Investigator Manager at Cisco
    Veteran threat hunter Jason Smith will detail:
    • How to structure your Security Operations Center (SOC) and network to help uncover hidden threats
    • Best practices to make hunting data accessible and fluid
    • Essential tools and tips from Jason's hunting experiences

    About the hunter:
    Jason Smith has a background in physics and has built everything from particle accelerators to explosive neutralizing robots used by the military. He has worked in multiple US Department of Defense SOCs and has worked with the largest security vendors to operationalize security in the world's largest organizations. Jason co-wrote Applied Network Security Monitoring and maintains the open source project FlowBAT, a graphical flow data analysis tool. Jason currently works remotely for Cisco from his home in Nashville, TN.
  • Leading and Building Threat Hunting Teams (Hunter Spotlight) Recorded: May 23 2017 33 mins
    Alan Orlikoski, Security Engineer at Square Inc.
    Our Hunter Spotlight series kicks off with Alan Orlikoski. From his 16+ years of security experience, Alan will share:
    • Organizational strategies that work for both hunters and SOC managers
    • How to create and sustain effective hunting teams
    • Best practices and tools in the field

    About the hunter:
    Alan Orlikoski is a Security Engineer and Incident Responder with over 17 years of experience. He analyzes and tests existing incident response plans, conducts forensic investigations and provides incident response and forensics training. Alan has an extensive computer forensics background and has been a leader in some of the largest incident response and security operations center development programs in the history of the respective companies.
  • Modernizing Your SOC: A CISO-led Training Recorded: Apr 21 2017 66 mins
    Edward Amoroso, CEO of TAG Cyber, former CISO at AT&T
    Modern SOCs look very different from those that were built even a few years ago. This webinar discusses the fundamental shifts in thinking and technology that allow security teams to spend more time seeking out and detecting advanced attacks. You'll learn:

    • Key characteristics of high-performing security programs
    • How to react faster and more efficiently to new, advanced threats
    • Necessary skills for hunt teams and how to measure their performance
    • The effectiveness of threat hunting in reducing the dwell time of adversaries
  • Threat Hunting for Command and Control Activity Recorded: Mar 16 2017 63 mins
    Josh Liburdi, Threat Hunter and Security Technologist at Sqrrl
    Sqrrl's Security Technologist Josh Liburdi provides an overview of how Sqrrl is used to detect C2 through a combination of automated detection and hunting. You'll learn:

    • How hunting can fill gaps not covered by automated alerts
    • The Hunting Maturity Model and how Sqrrl's capabilities align with it
    • How Sqrrl's machine learning TTP detectors are used to detect C2, including Domain Generation Algorithms and DNS tunneling
    • Walkthroughs of detecting C2 with common hunting techniques, including IOC searching and data stacking
  • Leveraging DNS to Surface Attacker Activity Recorded: Mar 2 2017 63 mins
    Chris McCubbin, Director of Data Science at Sqrrl, and Josh Liburdi, Security Technologist at Sqrrl
    Watch this training to learn how to uncover advanced threats using DNS and data science. You'll learn:

    • What DNS is and how adversaries can utilize it to carry out attacks
    • How to use DNS data to launch an incident investigation
    • How to leverage data science techniques to detect DNS behaviors like DGA
    • The practical fundamentals of how these data science techniques work
Target. Hunt. Disrupt advanced cyber threats.
Sqrrl is the threat hunting company that enables organizations to target, hunt, and disrupt advanced cyber threats.

  • Title: Q&A With Hunting Expert Eric Cole
  • Live at: Dec 21 2017 3:00 pm
  • Presented by: Dr. Eric Cole, SANS Fellow, Security Author/Teacher