Hunting in depth – The need for a strategic threat detection model

Description:
NOTE: In the first 30 minutes, I present a fairly detailed overview of current industry practices and theories related to threat hunting.
*If you would like to skip the overview portion of this threat hunting presentation and go straight to my research and findings, they start at 27:00.
*The application of my research to threat hunting (including the improved Kill Chain Model and discussion of "Detection in Breadth") begins at 36:00.

ABSTRACT:
This research paper presents and justifies a revolutionary threat hunting strategy that aligns hunting operations with a hybrid kill chain model, one that incorporates the recursive nature of lateral movement into Lockheed Martin's kill chain. Existing security models are analyzed in relation to threat detection; these include Lockheed Martin's Kill Chain, Mandiant's Attack Lifecycle model, David Bianco's Pyramid of Pain, and Defense in Depth. "Hunting with arbitrary indicators of compromise (ad hoc search)" (also known as the "shotgun" approach) and "Focused threat operations (depth search)" (also known as the "detection bottlenecks" approach) are examined as threat hunting strategies. Data provided by survey respondents were also analyzed, covering demographics, controls, organizational maturity, and threat hunting tactics. It was found that visibility in the arming and reconnaissance phases was significantly lacking compared to the other phases of the kill chain, and that indicators obtained from each progressive phase of the kill chain were perceived as increasingly more valuable than those from previous phases. The paper also presents an innovative strategic threat hunting model that aligns with the SANS Institute's five recommendations for improving threat hunting maturity (Cole, 2017). This model recommends distributing detection within each phase of the attack lifecycle, because "depth of detection" can then be examined at each phase of the kill chain to identify deviations and gaps. This comprehensive, breadth-first search strategy is superior to both ad hoc and depth-first search because it forces attackers to increase their evasion and obfuscation effort by up to a factor of seven: they must actively evade the hunt team at each phase of the attack cycle. By strategically aligning threat hunting tactics across all seven phases of the kill chain, the likelihood of detecting an attacker ultimately increases by up to 700%.

Please take the opportunity to connect with your friends and family and share this video with them if you find it useful.