Threat Hunting & Triage in IR SOC Operations
One of my favorite sessions from this year’s conference was titled “Threat Hunting & Triage in IR/SOC Operations” and was presented by Michael Auger and Jessica Bair, two professionals from Cisco Systems Advanced Threats Solutions / AMP Threat Grid division. Michael and Jessica gave a compelling presentation on the offerings of Cisco’s Threat Grid for Law Enforcement Program. They offered the audience members free access to the program to understand its capabilities and test its features!
Michael discussed David Bianco’s “Simple Hunting Maturity Model” and how important it is for IR/SOC Operations to be moving from a reactive triaging methodology to a proactive threat hunting model. Moreover, the presentation offered Michael’s solutions for reaching the more complex IR/SOC threat hunting models by automating certain tasks required in Incident Response / SOC Operations. Michael demoed his scripts. He explained how he wrote the scripts, what they were doing, and how they could easily be modified. Furthermore, Michael even shared his scripts with the group so that we could download and use them in our own IR/SOC Operations!
My biggest takeaway from this session was how useful automation can be in IR/SOC operations. Michael discussed different ways analysts can utilize automation.
The Enfuse Conference provided me with many opportunities to broaden my understanding of the Digital Forensic / Cybersecurity industry. I made connections with others who are just as passionate about this work as I am. I was also able to explore and experience Las Vegas with my friends and colleagues! I’d like to thank OpenText and Champlain College for affording me the opportunity to attend Enfuse for the past three years. I can only hope to attend another conference next year!