Threat Hunting - Catching the Insider Threat

Threat hunting was born out of the need to counter bad actors operating at will INSIDE an enterprise. Refined in the military over a decade ago and employed by Fortune 500 companies and government agencies, this approach is now available to small and medium businesses intent on protecting their most valuable information and data.

Argo offers an effective training forum for collaborating on how to address, manage, and respond to various cyber threats and actors. This program is for technical security staff and system administrators responsible for the security of their networks. It will include one (1) day of formal, hands-on instruction on threat hunting techniques, and two (2) days of guided and unguided hands-on technical exercises conducted in a realistic virtual environment – or cyber range.

The cyber range platform and environment are provided by Argo P@cific.

Each session consists of an overview of a specific cyber threat scenario presented by an Argo security expert; demonstration of the attack or exploit used; an exercise wherein participants examine ways to detect and mitigate the attacks; and a post-event review of actions taken, best practices, questions for further research or testing, and techniques to apply in security operations.

Our presenters’ experiences in fully-scaled hunting operations catching advanced attackers offer participants a unique and timely source of information on a variety of topics – including:

What is Cyber Threat Hunting?

  • Why is it needed?
  • How does it fit into your overall security program?

Hunting Methodologies

  • Behavioral patterns vs. signatures
  • Where cyber threat intelligence can best help...and where it can't

Tooling and Enablement

  • Endpoint sensors / logging
  • Sensor data / log aggregation
  • Analytics with Splunk and Elasticsearch
