The Who, What, Where, When, Why and How of Effective Threat Hunting

by Robert M. Lee and Rob Lee
Sept. 1, 2017 SANS Institute Detection & Response threat hunting

The chances are very high that hidden threats are already in your organization’s networks. Organizations can’t afford to believe that their security measures are perfect and impenetrable, no matter how thorough their security precautions might be. Having a perimeter and defending it are not enough because the perimeter has faded away as new technologies and interconnected devices have emerged. Prevention systems alone are insufficient to counter focused human adversaries who know how to get around most security and monitoring tools by, for example, making their attacks look like normal activity.