Key Learning Points
- Searching for known-bad malicious behaviors is no longer effective
- Hunt teams rely heavily upon intelligence collection and hunt-appropriate analytics
- Active hunting requires data analysis with ad-hoc queries and large-data visualization
- Active hunting also requires the right technology to search large volumes of security event data
Level: Intermediate
It is becoming more challenging to discover and detect malicious behavior in our enterprises. Through analytics, we are able to do a fairly decent job of detecting known malicious behavior; however, we do not do well when it comes to looking for behavior that does not match a known pattern. Using a “Hunt Team” can help bring the unknown into the “known” through rapid security event exploration.
About Shogo Cottrell
Shogo Cottrell is the Security Strategist within the Enterprise Security Products business unit at Hewlett-Packard. In this role, Mr. Cottrell is responsible for driving strategic initiatives and providing thought leadership and insight regarding the ever-changing global threat landscape.
Prior to joining HP, Mr. Cottrell led Information Security functions in the retail and financial services industries where he established information security programs designed to protect from emerging and existing threats.
Mr. Cottrell started his career as an Information Systems Officer in the U.S. Marine Corps and has over 20 years of Information Security and Information Technology leadership experience.