Things that Make You go HMM: Using a Simple Hunting Maturity Model to Establish and Improve Your Threat Hunting Program

A CISO who has heard that her organization needs to "get a hunt team" may legitimately be convinced that an active detection strategy is the right move, and yet still be confused about how to describe what the team's capability should actually be.
Organizations that are already doing some sort of hunting may be able to describe their current capabilities yet wonder “Where do we go from here?”

This talk first presents a simple Hunting Maturity Model (HMM), discussing the key characteristics and capabilities at each maturity level. Next, we use this model to show an appropriate maturity goal for a brand new capability, and then examine step-by-step what it takes to transition to each of the next levels. We’ll clear up the initial confusion about getting started and offer a roadmap for improvement. At the end of this presentation, attendees will understand what hunting is, what a good hunting capability looks like, and how to move from where they are to where they want to be.

David J. Bianco

June 13, 2017