2026-04-07 00-45-33
May 31, 2026 22:23
· 36:45
· English
· Whisper Turbo
· 2 speakers
0:00 Speaker 1: really anything in the network infrastructure that...
0:07 Speaker 2: In this video,
0:08 Speaker 1: we're going to take a look at what threat hunting is
0:12 Speaker 1: and some of the goals when we're talking about threat hunting.
0:16 Speaker 1: What are we trying to accomplish with threat hunting?
0:19 Speaker 1: So first of all,
0:20 Speaker 1: what is threat hunting?
0:23 Speaker 1: Threat hunting is a proactive activity.
0:26 Speaker 1: We are proactively going through and looking for various different
0:30 Speaker 1: types of threats in the infrastructure.
0:32 Speaker 2: And we do this
0:34 Speaker 1: using things like logs from various different systems,
0:38 Speaker 2: our endpoints,
0:39 Speaker 1: our servers and workstations on the network,
0:41 Speaker 1: network devices,
0:42 Speaker 1: your authentication systems,
0:44 Speaker 1: really anything in the network infrastructure that can generate logs
0:49 Speaker 1: can have useful information when we're talking about looking for
0:53 Speaker 1: these threats.
0:54 Speaker 1: Now,
0:55 Speaker 1: threat hunting is a proactive activity as opposed to a
0:59 Speaker 1: reactive activity.
1:01 Speaker 1: Reactive means essentially reacting to alerts
1:06 Speaker 1: that may come in from various different systems.
1:09 Speaker 1: Without threat hunting,
1:10 Speaker 2: typically your indication,
1:13 Speaker 1: your really only indication of malicious activity is based on some
1:17 Speaker 1: of these alerts from your EDR systems,
1:19 Speaker 1: from your security operations center,
1:21 Speaker 1: your logging systems,
1:22 Speaker 1: intrusion prevention systems,
1:24 Speaker 2: any of those.
1:25 Speaker 1: But all of these types of alerts are all based on predefined
1:30 Speaker 1: criteria.
1:31 Speaker 1: But what happens when you get a threat on the network or malware on the network
1:35 Speaker 1: that doesn't match the predefined criteria for those
1:40 Speaker 1: alerts?
1:40 Speaker 1: What happens when those systems don't detect the
1:44 Speaker 1: malicious activity?
1:47 Speaker 1: So threat hunting is proactive.
1:49 Speaker 1: We are going and searching through the logs for any sort of
1:53 Speaker 1: indicators of compromise.
1:55 Speaker 1: Indicators of compromise is a term you will hear very frequently when we're
1:59 Speaker 1: talking about threat hunting.
2:00 Speaker 1: It's usually just abbreviated as IOC,
2:03 Speaker 1: indicators of compromise.
2:06 Speaker 1: The reactive measures are not good enough
2:10 Speaker 1: when it comes to looking for advanced threats on
2:14 Speaker 1: the network.
2:15 Speaker 1: And we'll get into what some of those advanced threats are here in
2:19 Speaker 1: just a minute.
2:20 Speaker 1: Threat hunting uses what's known as an assumption of
2:25 Speaker 1: breach or a concept known as assume breach,
2:28 Speaker 1: and we'll talk about that here in a second.
2:30 Speaker 1: It is not meant to replace any of the alert-based
2:34 Speaker 1: detections.
2:36 Speaker 1: It's meant to work with those systems in a
2:40 Speaker 1: defense-in-depth strategy,
2:42 Speaker 1: having multiple layers of defense.
2:45 Speaker 2: In this case,
2:46 Speaker 1: two different layers being reactive alerts that can be responded to
2:50 Speaker 1: that are looking for a lot of the simpler malware,
2:53 Speaker 1: and your threat hunting that is looking for your more advanced malware.
2:57 Speaker 1: Now,
2:58 Speaker 1: threat hunting isn't just useful for just finding
3:02 Speaker 1: threats.
3:03 Speaker 1: It's also useful for finding different systems that may be misconfigured
3:08 Speaker 1: or the use of...
3:09 Speaker 1: non-approved software,
3:11 Speaker 1: any sort of vulnerabilities,
3:13 Speaker 1: things like that.
3:14 Speaker 1: It's not just for finding malicious activity,
3:18 Speaker 1: but that is its primary purpose.
3:21 Speaker 1: So let's talk about what assume breach means.
3:25 Speaker 2: Basically,
3:26 Speaker 1: as the name kind of implies,
3:27 Speaker 1: it's carrying out your investigation,
3:29 Speaker 1: your analysis activities,
3:31 Speaker 1: assuming that there is already a threat hunter on
3:36 Speaker 1: the network carrying out these malicious activities.
3:38 Speaker 2: Now,
3:39 Speaker 1: this requires a lot of other assumptions and hypotheses,
3:42 Speaker 1: and you will come across that hypothesis kind
3:46 Speaker 1: of concept in threat hunting a lot also.
3:49 Speaker 1: It requires an assumption or a theory or hypothesis
3:53 Speaker 1: about what system might be compromised.
3:56 Speaker 1: You have to have somewhere to start.
3:58 Speaker 1: How that system might be compromised,
4:01 Speaker 1: what threat actor might be involved with this malicious activity,
4:05 Speaker 1: and what those threat actors' TTPs
4:09 Speaker 2: may be.
4:10 Speaker 1: TTPs are tactics,
4:12 Speaker 1: techniques,
4:13 Speaker 2: and procedures.
4:14 Speaker 1: We'll talk about those in much more detail later in the course.
4:18 Speaker 1: Again, we're not necessarily reacting to an alert or
4:23 Speaker 1: to a threat or anything.
4:24 Speaker 1: We are proactively going through and looking for
4:29 Speaker 1: these types of things with the assumption that they are already
4:33 Speaker 1: happening on the network.
4:36 Speaker 1: You'll hear threat hunting and incident response talked
4:40 Speaker 1: about together a lot.
4:42 Speaker 1: But just keep in mind,
4:44 Speaker 1: threat hunting is not incident response.
4:48 Speaker 1: They are two very different activities.
4:50 Speaker 2: However,
4:51 Speaker 1: the two different types of personnel or teams
4:56 Speaker 1: involved with threat hunting and incident response very frequently
5:00 Speaker 1: coordinate,
5:00 Speaker 1: collaborate,
5:01 Speaker 2: work together.
5:02 Speaker 2: Threat hunting is a passive activity.
5:06 Speaker 2: Threat hunters don't go and modify any of the systems or alter
5:11 Speaker 2: any of the systems.
5:12 Speaker 2: And the reason for this is because the hunters don't want
5:16 Speaker 2: to potentially tip off any of the threat actors that they are
5:20 Speaker 2: searching for them because this will allow the threat actors,
5:24 Speaker 1: there we go,
5:26 Speaker 1: to,
5:26 Speaker 1: you know,
5:27 Speaker 2: be aware that there's a hunt going on and then be able to modify their
5:31 Speaker 2: tactics and their techniques to evade the current hunt,
5:35 Speaker 2: which then makes it even more difficult to detect.
5:39 Speaker 2: Incident response is an active activity.
5:43 Speaker 1: Incident responders,
5:44 Speaker 2: their job is to go in and modify these systems to respond to
5:48 Speaker 1: the incident.
5:49 Speaker 2: So threat hunting is a passive activity.
5:52 Speaker 2: Incident response is an active activity.
5:56 Speaker 1: Like I said,
5:56 Speaker 1: your threat hunters,
5:57 Speaker 2: your incident responders work very closely together throughout
6:02 Speaker 2: both of these types of activities.
6:04 Speaker 2: Your threat hunters go through the network looking for these threats,
6:07 Speaker 2: discovering them,
6:09 Speaker 2: and then providing that information to your incident responders so
6:13 Speaker 2: the incident responders can go through and,
6:15 Speaker 2: well, respond to the incident,
6:18 Speaker 2: but in a coordinated manner with the threat hunters so
6:22 Speaker 2: that the threat hunt itself is not too adversely affected.
6:26 Speaker 2: Sometimes it needs to be, depending on the type of
6:30 Speaker 2: threat and the type of incident we're talking about.
6:33 Speaker 2: And throughout the course of the incident responders' activities,
6:36 Speaker 2: a lot of times they'll find additional information,
6:39 Speaker 2: additional IOCs to then provide to the threat
6:43 Speaker 1: hunters.
6:43 Speaker 2: And these IOCs could be things like file hashes,
6:47 Speaker 2: memory dumps,
6:48 Speaker 2: disk images,
6:49 Speaker 2: the contents of various files on systems,
6:52 Speaker 2: anything like that the incident responders will typically find during
6:56 Speaker 2: their activities.
6:58 Speaker 2: And these additional indicators can give the threat hunters more information
7:03 Speaker 2: about trying to find any additional threats to
7:07 Speaker 2: expand the current threat hunt they're on or perhaps to start a
7:11 Speaker 2: new type of threat hunt.
7:14 Speaker 2: Responding to any of the threats is almost always going to alter
7:19 Speaker 2: data in some manner or alter the state of the system in
7:23 Speaker 1: some manner.
7:23 Speaker 2: Whether it's isolating the system,
7:25 Speaker 1: deleting the malware,
7:27 Speaker 2: putting up firewall rules,
7:28 Speaker 2: anything like that.
7:29 Speaker 2: Response is always going to involve some sort of alteration
7:34 Speaker 1: of a system.
7:35 Speaker 2: And this can have an adverse effect on a threat
7:39 Speaker 2: hunt that is in process.
7:42 Speaker 1: So just keep that in mind.
7:43 Speaker 2: Threat hunting is not incident response,
7:45 Speaker 2: but they are very closely related,
7:48 Speaker 2: and the two teams very commonly work together in a very
7:52 Speaker 1: coordinated manner.
7:54 Speaker 2: So we're talking about threat hunting and incident response
7:58 Speaker 2: and also vulnerability management.
8:00 Speaker 2: These types of activities are very closely
8:04 Speaker 1: related.
8:05 Speaker 1: Like we said,
8:06 Speaker 2: threat hunting is a proactive activity and vulnerability
8:10 Speaker 2: management can be a proactive activity as well,
8:14 Speaker 2: depending on when it's taking place.
8:17 Speaker 2: As long as it's not as a result of an incident, not reacting
8:21 Speaker 2: to an incident,
8:21 Speaker 2: vulnerability management can be proactive.
8:25 Speaker 2: Threat hunting is always proactive.
8:27 Speaker 1: Incident response,
8:28 Speaker 2: on the other hand,
8:29 Speaker 2: is a reactive activity.
8:32 Speaker 1: And again,
8:33 Speaker 2: vulnerability management can be reactive.
8:36 Speaker 2: So vulnerability management can be either proactive or reactive.
8:40 Speaker 2: Threat hunting is almost always proactive.
8:42 Speaker 2: Incident response is, as the name implies, always reactive.
8:46 Speaker 2: You are responding to something.
8:49 Speaker 2: But all three of these activities very commonly use a lot of the same
8:53 Speaker 2: methods, a lot of the same tools.
8:55 Speaker 2: All three of them are going to involve some sort of looking at
8:59 Speaker 2: data and analyzing the information in that data to reach some sort
9:03 Speaker 2: of conclusion or perform some sort of activity.
9:06 Speaker 2: They're all going to involve some level of gathering
9:10 Speaker 2: intelligence or sharing intelligence information,
9:13 Speaker 2: looking at intelligence feeds,
9:16 Speaker 2: vulnerability feeds,
9:18 Speaker 1: interacting,
9:19 Speaker 2: discovering,
9:20 Speaker 2: trying to block various different techniques,
9:24 Speaker 2: tactics,
9:24 Speaker 2: techniques, and procedures.
9:26 Speaker 2: A lot of the times they'll involve automation and
9:30 Speaker 2: orchestration to help speed up some of the activities or make them a little more
9:34 Speaker 2: efficient.
9:35 Speaker 1: And then in addition,
9:37 Speaker 2: there will be manual data analysis,
9:40 Speaker 2: log analysis in all of these activities as well.
9:45 Speaker 2: So when we're talking about threat hunting,
9:49 Speaker 2: what are the specific goals we're trying to accomplish
9:53 Speaker 1: here?
9:53 Speaker 1: As the name implies,
9:55 Speaker 2: we're trying to find these advanced threats in the infrastructure.
10:00 Speaker 2: A lot of your more routine or common threats,
10:04 Speaker 2: your non-advanced malware,
10:06 Speaker 2: we'll say,
10:07 Speaker 2: is detected by your kind of routine or standardized monitoring.
10:12 Speaker 1: However,
10:12 Speaker 2: a lot of the advanced threats aren't going to be.
10:16 Speaker 2: And when we say advanced threats,
10:17 Speaker 2: we're talking about things like nation-state actors,
10:20 Speaker 2: your attackers that are either sponsored by a
10:24 Speaker 2: particular nation's government
10:27 Speaker 2: or are officially a part of a nation's government,
10:30 Speaker 2: something like that.
10:30 Speaker 2: They have a lot of financial backing,
10:33 Speaker 2: a lot of resources at their disposal,
10:36 Speaker 2: which gives them more ability for these more advanced attacks.
10:41 Speaker 2: A lot of your insider threats,
10:43 Speaker 1: you know,
10:44 Speaker 2: employees that may be carrying out attacks or stealing information
10:48 Speaker 2: can be advanced threats as well.
10:49 Speaker 2: They can be a lot more difficult to detect.
10:53 Speaker 2: A lot of your new or more advanced malware might
10:57 Speaker 2: not be detected and very frequently is not detected by your
11:01 Speaker 2: standard monitoring techniques because,
11:03 Speaker 2: again, they're working off of predefined rules and predefined criteria
11:07 Speaker 2: that may not exist yet for new malware.
11:10 Speaker 2: The goal here besides just detecting threats is
11:14 Speaker 2: to minimize and reduce the amount of time that
11:19 Speaker 2: an attacker is in an organization's network.
11:22 Speaker 2: We want to attempt to identify these threats,
11:26 Speaker 2: identify these attacks in their early stages.
11:30 Speaker 2: And we'll talk about
11:31 Speaker 2: kind of these stages and life cycle of attacks in a later
11:36 Speaker 2: video in this course.
11:37 Speaker 2: We will talk about those stages in this course.
11:40 Speaker 2: What we're trying to accomplish here is reduce
11:44 Speaker 2: the amount of time the attackers are in the network,
11:46 Speaker 2: which gives them less time to cause damage to the
11:50 Speaker 2: systems, to introduce their malware,
11:52 Speaker 2: to exfiltrate data,
11:54 Speaker 2: to carry out their end goals.
11:57 Speaker 2: We want to have these attackers
11:59 Speaker 2: in the network for a lot shorter amount of time,
12:02 Speaker 2: detect them in the early stages of the attacks to
12:06 Speaker 2: reduce the amount of damage.
12:08 Speaker 2: And that is the ultimate goal of threat hunting.
12:11 Speaker 2: Catch the threat actors in the early stages to minimize
12:15 Speaker 2: the damage they can cause.
12:17 Speaker 1: In
12:25 Speaker 2: this video, we're going to take a look at several different reasons
12:29 Speaker 2: that threat hunting is important and several benefits that
12:33 Speaker 2: threat hunting can provide to organizations.
12:36 Speaker 2: Now, the first of those is to reduce what is known as
12:40 Speaker 2: the dwell time.
12:42 Speaker 2: Dwell time can also be referred to as the time to discover,
12:46 Speaker 2: so you may hear it either way.
12:48 Speaker 2: Essentially,
12:49 Speaker 2: this is the amount of time that a threat actor or an
12:53 Speaker 2: adversary is on the network before they're discovered,
12:57 Speaker 2: the amount of time that they're retaining access to various systems to
13:02 Speaker 2: be able to carry out their end goals.
13:05 Speaker 2: This gives them time to gather data,
13:08 Speaker 2: exfiltrate and steal data,
13:10 Speaker 2: collect different credentials,
13:12 Speaker 2: perform any sort of lateral movement or privilege
13:16 Speaker 2: escalation across the network,
13:18 Speaker 2: deploy tools that will get them more persistent
13:22 Speaker 2: access,
13:22 Speaker 2: or deploy any other sort of malware.
13:25 Speaker 2: There's a number of different things attackers can do while
13:29 Speaker 2: they're on the network before they're discovered.
13:33 Speaker 2: Now, the discovery time,
13:35 Speaker 2: the amount of dwell time,
13:37 Speaker 2: or the time to discover is impacted and influenced by a
13:41 Speaker 2: lot of different things.
13:42 Speaker 2: Number one can be the detection of
13:47 Speaker 2: the attacker on the network.
13:48 Speaker 2: This ideally will happen before the attacker is
13:52 Speaker 2: able to carry out their goals.
13:55 Speaker 2: But if they are detected before they're able to carry out their goals,
13:58 Speaker 2: that is a good thing,
13:59 Speaker 2: and that helps to reduce the dwell time.
14:02 Speaker 2: Another thing that can result in detection is the attacker
14:07 Speaker 2: either achieving their goals,
14:09 Speaker 2: which there usually is something to notice there when they do achieve
14:13 Speaker 1: their goals.
14:13 Speaker 2: They usually kind of give themselves away or they detonate what is known
14:17 Speaker 2: as a noisy payload.
14:19 Speaker 2: Essentially, a noisy payload is something
14:22 Speaker 2: that when they run a piece of software or whatever it is they're trying to do,
14:26 Speaker 2: it sets off various different triggers or alerts on the network.
14:30 Speaker 2: That's what's meant by noisy in this instance.
14:34 Speaker 2: Now, different types of attacks,
14:37 Speaker 2: different attackers are going to have different levels
14:41 Speaker 2: of dwell time for a lot of different reasons.
14:44 Speaker 2: A good example of that is ransomware usually is going to have
14:48 Speaker 2: a very small dwell time.
14:50 Speaker 2: The attacker is going to be on the network for a very short amount of time before
14:54 Speaker 2: they actually carry out the ransomware attack,
14:57 Speaker 2: especially if their sole goal is to
15:00 Speaker 2: just encrypt data and demand money for it to be decrypted.
15:04 Speaker 2: They don't have a need to stay on the network for a long amount of time.
15:08 Speaker 1: They get in,
15:08 Speaker 1: they detonate the payload,
15:09 Speaker 2: and then they are done.
15:11 Speaker 2: So usually that's a very small dwell time.
15:13 Speaker 2: More advanced attacks typically have much longer
15:17 Speaker 2: dwell times.
15:19 Speaker 1: Now, to give you an example of what this is,
15:21 Speaker 2: this actually has come down significantly in recent years.
15:24 Speaker 2: I heard back in the,
15:25 Speaker 2: you know, early 2000s,
15:28 Speaker 1: 2010s,
15:28 Speaker 2: we were talking about,
15:30 Speaker 2: you know, dwell times in the hundreds of days.
15:32 Speaker 1: But now 2022,
15:34 Speaker 2: the average dwell time,
15:35 Speaker 2: and this is data according to Mandiant reports,
15:38 Speaker 2: 2022,
15:39 Speaker 2: the average dwell time was just about 16 days.
15:41 Speaker 2: In 2023,
15:42 Speaker 2: it was only 10 days.
15:44 Speaker 1: Now,
15:45 Speaker 2: compare that to something like 2020,
15:47 Speaker 2: where it was 56 days.
15:49 Speaker 2: So a considerable difference,
15:51 Speaker 2: and it is coming down thanks to,
15:53 Speaker 2: you know, more advanced technology for defensive measures,
15:56 Speaker 2: better detections,
15:57 Speaker 2: but also more advanced,
15:59 Speaker 2: better, and more often threat hunting as well.
16:03 Speaker 1: Now, you might be asking,
16:05 Speaker 2: why is this really important?
16:07 Speaker 1: Again, with threat hunting,
16:08 Speaker 2: our goal is to detect these threats before the attacker
16:12 Speaker 2: can get to their end goal,
16:14 Speaker 2: before they can carry out whatever their goal is.
16:18 Speaker 2: The longer amount of time they're on the network,
16:21 Speaker 1: the more they can accomplish in the infrastructure,
16:25 Speaker 2: the more likely it is they're able to carry out their goals.
16:29 Speaker 2: And the harder it becomes to actually remove them or
16:33 Speaker 2: evict them from those systems,
16:35 Speaker 2: the larger or the better hold they get on those systems,
16:38 Speaker 1: you know,
16:39 Speaker 2: the longer they're on the network,
16:41 Speaker 2: let me rephrase that,
16:42 Speaker 2: the longer they're on the network,
16:43 Speaker 2: the better hold they get on the systems,
16:45 Speaker 1: the more difficult it becomes to detect them,
16:48 Speaker 1: depending on the,
16:48 Speaker 2: you know, the skills they have,
16:51 Speaker 1: but the more difficult it becomes to remove them as
16:55 Speaker 1: well.
16:56 Speaker 2: The early discovery,
16:58 Speaker 2: the early removal,
16:59 Speaker 2: reducing this dwell time really helps to reduce
17:04 Speaker 2: the chance of a very costly impact to the organization.
17:08 Speaker 2: And that's cybersecurity's goal here: to protect
17:12 Speaker 2: the organization's data,
17:13 Speaker 2: systems,
17:14 Speaker 1: and business practices.
17:16 Speaker 1: And threat hunting,
17:17 Speaker 2: reducing this dwell time, works to accomplish that
17:22 Speaker 2: goal.
17:23
S…
Speaker 2 (2026-04-07 00-45-33)
Now, when we're talking about threat hunting,
17:25
S…
Speaker 2 (2026-04-07 00-45-33)
we have to also talk about our antivirus and our EDR solutions and the
17:29
S…
Speaker 1 (2026-04-07 00-45-33)
limitations those products have.
17:31
S…
Speaker 2 (2026-04-07 00-45-33)
These types of systems work off of what are known as the predetermined
17:35
S…
Speaker 1 (2026-04-07 00-45-33)
detection rules.
17:37
S…
Speaker 2 (2026-04-07 00-45-33)
Detections have to be written for these pieces of software in order for
17:41
S…
Speaker 2 (2026-04-07 00-45-33)
them to actually find the malware they're trying to find.
17:44
S…
Speaker 2 (2026-04-07 00-45-33)
These are things like signatures that are written to detect specific pieces of
17:48
S…
Speaker 1 (2026-04-07 00-45-33)
malware.
17:49
S…
Speaker 2 (2026-04-07 00-45-33)
signatures or rules for user behavior.
17:53
S…
Speaker 2 (2026-04-07 00-45-33)
If a user does a certain activity,
17:55
S…
Speaker 1 (2026-04-07 00-45-33)
it may be identified as suspicious.
17:57
S…
Speaker 2 (2026-04-07 00-45-33)
This can be as simple as hashes for files or
18:02
S…
Speaker 2 (2026-04-07 00-45-33)
file names.
18:02
S…
Speaker 2 (2026-04-07 00-45-33)
Those are effective signatures when it comes to our AV and our EDR
18:07
S…
Speaker 1 (2026-04-07 00-45-33)
stuff.
18:08
S…
Speaker 1 (2026-04-07 00-45-33)
But basically,
18:09
S…
Speaker 1 (2026-04-07 00-45-33)
with these pieces of software,
18:10
S…
Speaker 2 (2026-04-07 00-45-33)
if an attack or piece of malware doesn't match the rule that was written
18:14
S…
Speaker 2 (2026-04-07 00-45-33)
for it, then that security control isn't going to be aware
18:18
S…
Speaker 2 (2026-04-07 00-45-33)
of the malware or of the attack.
18:21
S…
Speaker 2 (2026-04-07 00-45-33)
And if it's not aware of it,
18:23
S…
Speaker 2 (2026-04-07 00-45-33)
then there's no alerts triggered.
18:24
S…
Speaker 2 (2026-04-07 00-45-33)
There's no actions that it takes because,
18:27
S…
Speaker 2 (2026-04-07 00-45-33)
again, the malware or the attack doesn't trigger the
18:31
S…
Speaker 1 (2026-04-07 00-45-33)
rule.
18:31
S…
Speaker 2 (2026-04-07 00-45-33)
It means the control isn't aware of it and then can't do anything about
18:35
S…
Speaker 1 (2026-04-07 00-45-33)
it.
18:36
S…
Speaker 2 (2026-04-07 00-45-33)
These pieces of software also require pretty constant updating,
18:40
S…
Speaker 2 (2026-04-07 00-45-33)
whether it's to the signatures,
18:42
S…
Speaker 2 (2026-04-07 00-45-33)
the software itself,
18:43
S…
Speaker 2 (2026-04-07 00-45-33)
to kind of maintain the awareness of the newer types
18:47
S…
Speaker 2 (2026-04-07 00-45-33)
of attacks,
18:48
S…
Speaker 2 (2026-04-07 00-45-33)
the newer malware,
18:49
S…
Speaker 2 (2026-04-07 00-45-33)
and the newer tools the attackers use.
18:52
S…
Speaker 2 (2026-04-07 00-45-33)
That kind of data and that information,
18:55
S…
Speaker 2 (2026-04-07 00-45-33)
those tools are changing pretty rapidly and are also advancing rapidly
18:59
S…
Speaker 1 (2026-04-07 00-45-33)
as well.
18:59
S…
Speaker 2 (2026-04-07 00-45-33)
And these pieces of software have to be updated in order to be able to detect
19:04
S…
Speaker 1 (2026-04-07 00-45-33)
those.
19:04
S…
Speaker 2 (2026-04-07 00-45-33)
Now, there are advanced methods and more advanced features in
19:08
S…
Speaker 2 (2026-04-07 00-45-33)
some of these tools that can work to detect more of the
19:12
S…
Speaker 2 (2026-04-07 00-45-33)
behavior kind of things that attackers will kind of do.
19:16
S…
Speaker 2 (2026-04-07 00-45-33)
less of the signatures and indicators exactly,
19:20
S…
Speaker 2 (2026-04-07 00-45-33)
but they are still limited and aren't going to be necessarily
19:24
S…
Speaker 2 (2026-04-07 00-45-33)
as effective in finding these threats as threat
19:28
S…
Speaker 2 (2026-04-07 00-45-33)
hunting would be.
19:29
S…
Speaker 2 (2026-04-07 00-45-33)
That's not to say these products shouldn't be used.
19:33
S…
Speaker 2 (2026-04-07 00-45-33)
They absolutely should be used,
19:35
S…
Speaker 2 (2026-04-07 00-45-33)
but they should be used along with threat hunting and other
19:39
S…
Speaker 2 (2026-04-07 00-45-33)
layers to that defense-in-depth model.
19:42
S…
Speaker 1 (2026-04-07 00-45-33)
Just be aware that this one layer,
19:44
S…
Speaker 2 (2026-04-07 00-45-33)
really none of the individual layers,
19:46
S…
Speaker 2 (2026-04-07 00-45-33)
are going to be able to detect all of the threats.
19:50
S…
Speaker 1 (2026-04-07 00-45-33)
Now,
19:51
S…
Speaker 2 (2026-04-07 00-45-33)
besides finding threats and finding malware in an
19:55
S…
Speaker 2 (2026-04-07 00-45-33)
environment, threat hunting can help to work to improve the defenses
19:59
S…
Speaker 1 (2026-04-07 00-45-33)
of...
20:00
S…
Speaker 2 (2026-04-07 00-45-33)
the organization.
20:00
S…
Speaker 2 (2026-04-07 00-45-33)
Through the course of performing a threat hunt,
20:03
S…
Speaker 2 (2026-04-07 00-45-33)
you can find a lot of other security issues that you may not have been aware
20:07
S…
Speaker 2 (2026-04-07 00-45-33)
of on the network.
20:08
S…
Speaker 2 (2026-04-07 00-45-33)
Things like maybe you come across vulnerabilities that
20:12
S…
Speaker 2 (2026-04-07 00-45-33)
might need remediation or endpoints that might have some configuration
20:16
S…
Speaker 2 (2026-04-07 00-45-33)
that's not quite right.
20:18
S…
Speaker 2 (2026-04-07 00-45-33)
It may not directly affect the security,
20:20
S…
Speaker 2 (2026-04-07 00-45-33)
but it's still configuration that needs to be adjusted.
20:25
S…
Speaker 2 (2026-04-07 00-45-33)
Maybe the threat hunt finds software on workstations that isn't
20:29
S…
Speaker 2 (2026-04-07 00-45-33)
approved and shouldn't be on those workstations.
20:32
S…
Speaker 2 (2026-04-07 00-45-33)
It could find things like access issues,
20:35
S…
Speaker 2 (2026-04-07 00-45-33)
permissions that haven't been set up properly,
20:37
S…
Speaker 2 (2026-04-07 00-45-33)
that maybe either users have too many permissions and
20:41
S…
Speaker 2 (2026-04-07 00-45-33)
they just don't know it because the users don't know the difference,
20:44
S…
Speaker 2 (2026-04-07 00-45-33)
or,
20:45
S…
Speaker 2 (2026-04-07 00-45-33)
you know, not enough permissions for certain access that's needed,
20:48
S…
Speaker 2 (2026-04-07 00-45-33)
but again, no one's complained about it.
20:50
S…
Speaker 2 (2026-04-07 00-45-33)
So threat hunting can find...
20:52
S…
Speaker 2 (2026-04-07 00-45-33)
And this is not an exhaustive list.
20:54
S…
Speaker 2 (2026-04-07 00-45-33)
This is a very small list of what threat hunting practices and measures
21:00
S…
Speaker 2 (2026-04-07 00-45-33)
can find.
21:00
S…
Speaker 2 (2026-04-07 00-45-33)
Any data that is found during a threat hunt
21:05
S…
Speaker 2 (2026-04-07 00-45-33)
can potentially be used to improve the security
21:09
S…
Speaker 2 (2026-04-07 00-45-33)
of the organization by finding things that can help adjust
21:13
S…
Speaker 2 (2026-04-07 00-45-33)
security controls or even finding places where security controls
21:17
S…
Speaker 2 (2026-04-07 00-45-33)
are lacking.
21:19
S…
Speaker 2 (2026-04-07 00-45-33)
And the organization might need new security controls implemented.
21:23
S…
Speaker 2 (2026-04-07 00-45-33)
It's not uncommon during a threat hunting activity to
21:27
S…
Speaker 2 (2026-04-07 00-45-33)
find that there are missing logs.
21:29
S…
Speaker 2 (2026-04-07 00-45-33)
There are systems that have not been logging properly or maybe were never configured
21:34
S…
Speaker 2 (2026-04-07 00-45-33)
to log properly in the first place.
21:35
S…
Speaker 2 (2026-04-07 00-45-33)
So it's common to find during these threat hunts places where the
21:39
S…
Speaker 2 (2026-04-07 00-45-33)
logging can be improved.
21:41
S…
Speaker 2 (2026-04-07 00-45-33)
And also that there can be additional rules written for
21:46
S…
Speaker 2 (2026-04-07 00-45-33)
a lot of these detection systems.
21:47
S…
Speaker 2 (2026-04-07 00-45-33)
This is a very common outcome with threat hunting.
21:52
S…
Speaker 2 (2026-04-07 00-45-33)
reporting and outcomes with threat hunts much later in the learning path
21:56
S…
Speaker 2 (2026-04-07 00-45-33)
in a different course.
21:57
S…
Speaker 2 (2026-04-07 00-45-33)
But it's very common to,
22:00
S…
Speaker 1 (2026-04-07 00-45-33)
you know, find,
22:00
S…
Speaker 2 (2026-04-07 00-45-33)
if you find intrusions,
22:02
S…
Speaker 2 (2026-04-07 00-45-33)
you do find the threats during the threat hunt on the network,
22:05
S…
Speaker 1 (2026-04-07 00-45-33)
you can write,
22:06
S…
Speaker 1 (2026-04-07 00-45-33)
you can,
22:07
S…
Speaker 2 (2026-04-07 00-45-33)
you know, based on what you found,
22:08
S…
Speaker 2 (2026-04-07 00-45-33)
you can write new rules for detections for a lot of the security controls,
22:13
S…
Speaker 2 (2026-04-07 00-45-33)
which can,
22:14
S…
Speaker 1 (2026-04-07 00-45-33)
again,
22:14
S…
Speaker 2 (2026-04-07 00-45-33)
help protect the organization.
22:17
S…
Speaker 2 (2026-04-07 00-45-33)
So we've talked about why threat hunting is important,
22:20
S…
Speaker 2 (2026-04-07 00-45-33)
but also when should we actually perform threat hunts?
22:24
S…
Speaker 2 (2026-04-07 00-45-33)
This is going to vary greatly depending on the organization,
22:27
S…
Speaker 2 (2026-04-07 00-45-33)
the size of the organization,
22:29
S…
Speaker 2 (2026-04-07 00-45-33)
the layout of the security teams,
22:31
S…
Speaker 2 (2026-04-07 00-45-33)
and really just the needs of the organization.
22:35
S…
Speaker 2 (2026-04-07 00-45-33)
Organizations that have dedicated threat hunting teams,
22:38
S…
Speaker 2 (2026-04-07 00-45-33)
usually going to be larger organizations,
22:40
S…
Speaker 2 (2026-04-07 00-45-33)
very frequently will have scheduled threat hunts.
22:42
S…
Speaker 2 (2026-04-07 00-45-33)
These are just going to be performed on a regular basis on a routine schedule.
22:47
S…
Speaker 2 (2026-04-07 00-45-33)
They'll be based on various different hypotheses that the