The enterprise threat hunter must walk a delicate tightrope. Use too narrow a hypothesis and you might miss threats. Use too broad a hypothesis and you might never be able to sort through all of the noise to find the actual threats. Striking this balance is a daily process. The best hunters leverage a well-refined process and advanced tools to ensure they are as efficient as possible.
Join Mike Haag as he explains the process he used to find new evil across his enterprise with 70,000 endpoints. He will explain the tools he used, how he translated hunts into detection criteria, and how he developed new hypotheses.