Automated Threat Hunting

Automated Threat Hunting: the Man vs Machine Debate

Frank McClain

There has been a fair amount of discussion (and disagreement) about the role of machines and automated threat hunting. It’s the endless debate of man vs machine—or, as I like to think of it, “AI vs AI.” You might wonder how man/machine is the same as AI/AI, but that’s pretty simple: one stands for “Artificial Intelligence” and the other is …

Threat Hunting vs Threat Mining

There’s Gold in Those Endpoints: Threat Mining vs Threat Hunting

Joe Moles

In my last post I talked about what threat hunting is and is not. Between that and our recent webinar on threat hunting, I’ve gotten a lot of questions and wanted to follow up with a deeper dive into how Red Canary analysts use threat hunting to find threats on behalf of our customers. My team eats, sleeps, and breathes …

Threat Hunting

Threat Hunting Is Not a Magical Unicorn

Joe Moles

Threat hunting, like most market buzz terms, started with a concept or an idea, and then got overused and misused by every vendor, blogger, and Twitter account with an opinion. This has led to a lot of confusion for security teams that want to build a threat hunting capability. So what is threat hunting and how do you do it? …

PowerShell Empire

Detecting Post Exploitation with EDR: What Security Teams Need to Know

Joe Moles

I recently joined Rick McElroy from Carbon Black on a webinar to discuss techniques for detecting post exploitation with EDR. The steady stream of questions reminded me how many people are interested in the topic. I’m passionate about helping people detect post exploitation behaviors and am always excited to share what I have learned. I wanted to circle back and share some …