2026-04-07 00-45-33
May 31, 2026 22:23
· 36:45
· English
· Whisper Turbo
· 2 Speakers
0:00
Speaker 1 (2026-04-07 00-45-33)
really anything in the network infrastructure that...
0:07
Speaker 2 (2026-04-07 00-45-33)
In this video,
0:08
Speaker 1 (2026-04-07 00-45-33)
we're going to take a look at what threat hunting is
0:12
Speaker 1 (2026-04-07 00-45-33)
and some of the goals when we're talking about threat hunting.
0:16
Speaker 1 (2026-04-07 00-45-33)
What are we trying to accomplish with threat hunting?
0:19
Speaker 1 (2026-04-07 00-45-33)
So first of all,
0:20
Speaker 1 (2026-04-07 00-45-33)
what is threat hunting?
0:23
Speaker 1 (2026-04-07 00-45-33)
Threat hunting is a proactive activity.
0:26
Speaker 1 (2026-04-07 00-45-33)
We are proactively going through and looking for various different
0:30
Speaker 1 (2026-04-07 00-45-33)
types of threats in the infrastructure.
0:32
Speaker 2 (2026-04-07 00-45-33)
And we do this
0:34
Speaker 1 (2026-04-07 00-45-33)
using things like logs from various different systems,
0:38
Speaker 2 (2026-04-07 00-45-33)
our endpoints,
0:39
Speaker 1 (2026-04-07 00-45-33)
our servers and workstations on the network,
0:41
Speaker 1 (2026-04-07 00-45-33)
network devices,
0:42
Speaker 1 (2026-04-07 00-45-33)
your authentication systems,
0:44
Speaker 1 (2026-04-07 00-45-33)
really anything in the network infrastructure that can generate logs
0:49
Speaker 1 (2026-04-07 00-45-33)
can have useful information when we're talking about looking for
0:53
Speaker 1 (2026-04-07 00-45-33)
these threats.
0:54
Speaker 1 (2026-04-07 00-45-33)
Now,
0:55
Speaker 1 (2026-04-07 00-45-33)
threat hunting is a proactive activity as opposed to a
0:59
Speaker 1 (2026-04-07 00-45-33)
reactive activity.
1:01
Speaker 1 (2026-04-07 00-45-33)
Reactive means essentially reacting to alerts
1:06
Speaker 1 (2026-04-07 00-45-33)
that may come in from various different systems.
1:09
Speaker 1 (2026-04-07 00-45-33)
Without threat hunting,
1:10
Speaker 2 (2026-04-07 00-45-33)
typically your indication,
1:13
Speaker 1 (2026-04-07 00-45-33)
your really only indication of malicious activity is based on some
1:17
Speaker 1 (2026-04-07 00-45-33)
of these alerts from your EDR systems,
1:19
Speaker 1 (2026-04-07 00-45-33)
from your security operations center,
1:21
Speaker 1 (2026-04-07 00-45-33)
your logging systems,
1:22
Speaker 1 (2026-04-07 00-45-33)
intrusion prevention systems,
1:24
Speaker 2 (2026-04-07 00-45-33)
any of those.
1:25
Speaker 1 (2026-04-07 00-45-33)
But all of these types of alerts are all based on predefined
1:30
Speaker 1 (2026-04-07 00-45-33)
criteria.
1:31
Speaker 1 (2026-04-07 00-45-33)
But what happens when you get a threat on the network or malware on the network
1:35
Speaker 1 (2026-04-07 00-45-33)
that doesn't match the predefined criteria for those
1:40
Speaker 1 (2026-04-07 00-45-33)
alerts?
1:40
Speaker 1 (2026-04-07 00-45-33)
What happens when those systems don't detect the
1:44
Speaker 1 (2026-04-07 00-45-33)
malicious activity?
1:47
Speaker 1 (2026-04-07 00-45-33)
So threat hunting is proactive.
1:49
Speaker 1 (2026-04-07 00-45-33)
We are going and searching through the logs for any sort of
1:53
Speaker 1 (2026-04-07 00-45-33)
indicators of compromise.
1:55
Speaker 1 (2026-04-07 00-45-33)
Indicators of compromise is a term you will hear very frequently when we're
1:59
Speaker 1 (2026-04-07 00-45-33)
talking about threat hunting.
2:00
Speaker 1 (2026-04-07 00-45-33)
It's usually just abbreviated as IOC,
2:03
Speaker 1 (2026-04-07 00-45-33)
indicators of compromise.
2:06
Speaker 1 (2026-04-07 00-45-33)
The reactive measures are not good enough
2:10
Speaker 1 (2026-04-07 00-45-33)
when it comes to looking for advanced threats on
2:14
Speaker 1 (2026-04-07 00-45-33)
the network.
2:15
Speaker 1 (2026-04-07 00-45-33)
And we'll get into what some of those advanced threats are here in
2:19
Speaker 1 (2026-04-07 00-45-33)
just a minute.
2:20
Speaker 1 (2026-04-07 00-45-33)
Threat hunting uses what's known as an assumption of
2:25
Speaker 1 (2026-04-07 00-45-33)
breach or a concept known as assume breach,
2:28
Speaker 1 (2026-04-07 00-45-33)
and we'll talk about that here in a second.
2:30
Speaker 1 (2026-04-07 00-45-33)
It is not meant to replace any of the
2:34
Speaker 1 (2026-04-07 00-45-33)
alert-based detections.
2:36
Speaker 1 (2026-04-07 00-45-33)
It's meant to work with those systems in a
2:40
Speaker 1 (2026-04-07 00-45-33)
defense-in-depth strategy,
2:42
Speaker 1 (2026-04-07 00-45-33)
having multiple layers of defense.
2:45
Speaker 2 (2026-04-07 00-45-33)
In this case,
2:46
Speaker 1 (2026-04-07 00-45-33)
two different layers being reactive alerts that can be responded to
2:50
Speaker 1 (2026-04-07 00-45-33)
that are looking for a lot of the more simpler malware,
2:53
Speaker 1 (2026-04-07 00-45-33)
and your threat hunting that is looking for your more advanced malware.
2:57
Speaker 1 (2026-04-07 00-45-33)
Now,
2:58
Speaker 1 (2026-04-07 00-45-33)
threat hunting isn't just useful for just finding
3:02
Speaker 1 (2026-04-07 00-45-33)
threats.
3:03
Speaker 1 (2026-04-07 00-45-33)
It's also useful for finding different systems that may be misconfigured
3:08
Speaker 1 (2026-04-07 00-45-33)
or the use of...
3:09
Speaker 1 (2026-04-07 00-45-33)
non-approved software,
3:11
Speaker 1 (2026-04-07 00-45-33)
any sort of vulnerabilities,
3:13
Speaker 1 (2026-04-07 00-45-33)
things like that.
3:14
Speaker 1 (2026-04-07 00-45-33)
It's not just for finding malicious activity,
3:18
Speaker 1 (2026-04-07 00-45-33)
but that is its primary purpose.
3:21
Speaker 1 (2026-04-07 00-45-33)
So let's talk about what assume breach means.
3:25
Speaker 2 (2026-04-07 00-45-33)
Basically,
3:26
Speaker 1 (2026-04-07 00-45-33)
as the name kind of implies,
3:27
Speaker 1 (2026-04-07 00-45-33)
it's carrying out your investigation,
3:29
Speaker 1 (2026-04-07 00-45-33)
your analysis activities,
3:31
Speaker 1 (2026-04-07 00-45-33)
assuming that there is already a threat hunter on
3:36
Speaker 1 (2026-04-07 00-45-33)
the network carrying out these malicious activities.
3:38
Speaker 2 (2026-04-07 00-45-33)
Now,
3:39
Speaker 1 (2026-04-07 00-45-33)
this requires a lot of other assumptions and hypotheses,
3:42
Speaker 1 (2026-04-07 00-45-33)
and you will come across that hypothesis kind
3:46
Speaker 1 (2026-04-07 00-45-33)
of concept in threat hunting a lot also.
3:49
Speaker 1 (2026-04-07 00-45-33)
It requires an assumption or a theory or hypothesis
3:53
Speaker 1 (2026-04-07 00-45-33)
about what system might be compromised.
3:56
Speaker 1 (2026-04-07 00-45-33)
You have to have somewhere to start.
3:58
Speaker 1 (2026-04-07 00-45-33)
How that system might be compromised,
4:01
Speaker 1 (2026-04-07 00-45-33)
what threat actor might be involved with this malicious activity,
4:05
Speaker 1 (2026-04-07 00-45-33)
and what those threat actors' TTPs
4:09
Speaker 2 (2026-04-07 00-45-33)
may be.
4:10
Speaker 1 (2026-04-07 00-45-33)
TTPs are tactics,
4:12
Speaker 1 (2026-04-07 00-45-33)
techniques,
4:13
Speaker 2 (2026-04-07 00-45-33)
and procedures.
4:14
Speaker 1 (2026-04-07 00-45-33)
We'll talk about those in much more detail later in the course.
4:18
Speaker 1 (2026-04-07 00-45-33)
Again, we're not necessarily reacting to an alert or
4:23
Speaker 1 (2026-04-07 00-45-33)
to a threat or anything.
4:24
Speaker 1 (2026-04-07 00-45-33)
We are proactively going through and looking for
4:29
Speaker 1 (2026-04-07 00-45-33)
these types of things with the assumption that they are already
4:33
Speaker 1 (2026-04-07 00-45-33)
happening on the network.
4:36
Speaker 1 (2026-04-07 00-45-33)
You'll hear threat hunting and incident response talked
4:40
Speaker 1 (2026-04-07 00-45-33)
about together a lot.
4:42
Speaker 1 (2026-04-07 00-45-33)
But just keep in mind,
4:44
Speaker 1 (2026-04-07 00-45-33)
threat hunting is not incident response.
4:48
Speaker 1 (2026-04-07 00-45-33)
They are two very different activities.
4:50
Speaker 2 (2026-04-07 00-45-33)
However,
4:51
Speaker 1 (2026-04-07 00-45-33)
the two different types of personnel or teams
4:56
Speaker 1 (2026-04-07 00-45-33)
involved with threat hunting and incident response very frequently
5:00
Speaker 1 (2026-04-07 00-45-33)
coordinate,
5:00
Speaker 1 (2026-04-07 00-45-33)
collaborate,
5:01
Speaker 2 (2026-04-07 00-45-33)
work together.
5:02
Speaker 2 (2026-04-07 00-45-33)
Threat hunting is a passive activity.
5:06
Speaker 2 (2026-04-07 00-45-33)
Threat hunters don't go and modify any of the systems or alter
5:11
Speaker 2 (2026-04-07 00-45-33)
any of the systems.
5:12
Speaker 2 (2026-04-07 00-45-33)
And the reason for this is because the hunters don't want
5:16
Speaker 2 (2026-04-07 00-45-33)
to potentially tip off any of the threat actors that they are
5:20
Speaker 2 (2026-04-07 00-45-33)
searching for them because this will allow the threat actors,
5:24
Speaker 1 (2026-04-07 00-45-33)
there we go,
5:26
Speaker 1 (2026-04-07 00-45-33)
to,
5:26
Speaker 1 (2026-04-07 00-45-33)
you know,
5:27
Speaker 2 (2026-04-07 00-45-33)
be aware that there's a hunt going on and then be able to modify their
5:31
Speaker 2 (2026-04-07 00-45-33)
tactics and their techniques to evade the current hunt,
5:35
Speaker 2 (2026-04-07 00-45-33)
which then makes it even more difficult to detect.
5:39
Speaker 2 (2026-04-07 00-45-33)
Incident response is an active activity.
5:43
Speaker 1 (2026-04-07 00-45-33)
Incident responders,
5:44
Speaker 2 (2026-04-07 00-45-33)
their job is to go in and modify these systems to respond to
5:48
Speaker 1 (2026-04-07 00-45-33)
the incident.
5:49
Speaker 2 (2026-04-07 00-45-33)
So threat hunting is passive activity.
5:52
Speaker 2 (2026-04-07 00-45-33)
Incident response is an active activity.
5:56
Speaker 1 (2026-04-07 00-45-33)
Like I said,
5:56
Speaker 1 (2026-04-07 00-45-33)
your threat hunters,
5:57
Speaker 2 (2026-04-07 00-45-33)
your incident responders work very closely together throughout
6:02
Speaker 2 (2026-04-07 00-45-33)
both of these types of activities.
6:04
Speaker 2 (2026-04-07 00-45-33)
Your threat hunters go through the network looking for these threats,
6:07
Speaker 2 (2026-04-07 00-45-33)
discovering them,
6:09
Speaker 2 (2026-04-07 00-45-33)
and then providing that information to your incident responders so
6:13
Speaker 2 (2026-04-07 00-45-33)
the incident responders can go through and,
6:15
Speaker 2 (2026-04-07 00-45-33)
well, respond to the incident,
6:18
Speaker 2 (2026-04-07 00-45-33)
but in a coordinated manner with the threat hunters so
6:22
Speaker 2 (2026-04-07 00-45-33)
that the threat hunt itself is not too adversely affected.
6:26
Speaker 2 (2026-04-07 00-45-33)
Sometimes it needs to be depending on the type of
6:30
Speaker 2 (2026-04-07 00-45-33)
threat and the type of incident we're talking about.
6:33
Speaker 2 (2026-04-07 00-45-33)
And throughout the course of the incident responders' activities,
6:36
Speaker 2 (2026-04-07 00-45-33)
a lot of times they'll find additional information,
6:39
Speaker 2 (2026-04-07 00-45-33)
additional IOCs to then provide to the threat
6:43
Speaker 1 (2026-04-07 00-45-33)
hunters.
6:43
Speaker 2 (2026-04-07 00-45-33)
And these IOCs could be things like file hashes,
6:47
Speaker 2 (2026-04-07 00-45-33)
memory dumps,
6:48
Speaker 2 (2026-04-07 00-45-33)
disk images,
6:49
Speaker 2 (2026-04-07 00-45-33)
the contents of various files on systems,
6:52
Speaker 2 (2026-04-07 00-45-33)
anything like that the incident responders will typically find during
6:56
Speaker 2 (2026-04-07 00-45-33)
their activities.
6:58
Speaker 2 (2026-04-07 00-45-33)
And these additional indicators can give the threat hunters more information
7:03
Speaker 2 (2026-04-07 00-45-33)
about trying to find any additional threats to
7:07
Speaker 2 (2026-04-07 00-45-33)
expand the current threat hunt they're on or perhaps to start a
7:11
Speaker 2 (2026-04-07 00-45-33)
new type of threat hunt.
7:14
Speaker 2 (2026-04-07 00-45-33)
Responding to any of the threats is almost always going to alter
7:19
Speaker 2 (2026-04-07 00-45-33)
data in some manner or alter the state of the system in
7:23
Speaker 1 (2026-04-07 00-45-33)
some manner.
7:23
Speaker 2 (2026-04-07 00-45-33)
Whether it's isolating the system,
7:25
Speaker 1 (2026-04-07 00-45-33)
deleting the malware,
7:27
Speaker 2 (2026-04-07 00-45-33)
putting up firewall rules,
7:28
Speaker 2 (2026-04-07 00-45-33)
anything like that.
7:29
Speaker 2 (2026-04-07 00-45-33)
Response is always going to involve some sort of alteration
7:34
Speaker 1 (2026-04-07 00-45-33)
of a system.
7:35
Speaker 2 (2026-04-07 00-45-33)
And this can have an adverse effect on a threat
7:39
Speaker 2 (2026-04-07 00-45-33)
hunt that is in process.
7:42
Speaker 1 (2026-04-07 00-45-33)
So just keep that in mind.
7:43
Speaker 2 (2026-04-07 00-45-33)
Threat hunting is not incident response,
7:45
Speaker 2 (2026-04-07 00-45-33)
but they are very closely related,
7:48
Speaker 2 (2026-04-07 00-45-33)
and the two teams very commonly work together in a very
7:52
Speaker 1 (2026-04-07 00-45-33)
coordinated manner.
7:54
Speaker 2 (2026-04-07 00-45-33)
So we're talking about threat hunting and incident response
7:58
Speaker 2 (2026-04-07 00-45-33)
and also vulnerability management.
8:00
Speaker 2 (2026-04-07 00-45-33)
These types of activities are very closely
8:04
Speaker 1 (2026-04-07 00-45-33)
related.
8:05
Speaker 1 (2026-04-07 00-45-33)
Like we said,
8:06
Speaker 2 (2026-04-07 00-45-33)
threat hunting is a proactive activity and vulnerability
8:10
Speaker 2 (2026-04-07 00-45-33)
management can be a proactive activity as well,
8:14
Speaker 2 (2026-04-07 00-45-33)
depending on when it's taking place.
8:17
Speaker 2 (2026-04-07 00-45-33)
As long as it's not as a result of an incident, not reacting
8:21
Speaker 2 (2026-04-07 00-45-33)
to an incident,
8:21
Speaker 2 (2026-04-07 00-45-33)
vulnerability management can be proactive.
8:25
Speaker 2 (2026-04-07 00-45-33)
Threat hunting is always proactive.
8:27
Speaker 1 (2026-04-07 00-45-33)
Incident response,
8:28
Speaker 2 (2026-04-07 00-45-33)
on the other hand,
8:29
Speaker 2 (2026-04-07 00-45-33)
is a reactive activity.
8:32
Speaker 1 (2026-04-07 00-45-33)
And again,
8:33
Speaker 2 (2026-04-07 00-45-33)
vulnerability management can be reactive.
8:36
Speaker 2 (2026-04-07 00-45-33)
So vulnerability management can be either proactive or reactive.
8:40
Speaker 2 (2026-04-07 00-45-33)
Threat hunting is almost always proactive.
8:42
Speaker 2 (2026-04-07 00-45-33)
Incident response is, as the name implies, always reactive.
8:46
Speaker 2 (2026-04-07 00-45-33)
You are responding to something.
8:49
Speaker 2 (2026-04-07 00-45-33)
But all three of these activities very commonly use a lot of the same
8:53
Speaker 2 (2026-04-07 00-45-33)
methods, a lot of the same tools.
8:55
Speaker 2 (2026-04-07 00-45-33)
All three of them are going to involve some sort of looking at
8:59
Speaker 2 (2026-04-07 00-45-33)
data and analyzing the information in that data to reach some sort
9:03
Speaker 2 (2026-04-07 00-45-33)
of conclusion or perform some sort of activity.
9:06
Speaker 2 (2026-04-07 00-45-33)
They're all going to involve some level of gathering
9:10
Speaker 2 (2026-04-07 00-45-33)
intelligence or sharing intelligence information,
9:13
Speaker 2 (2026-04-07 00-45-33)
looking at intelligence feeds,
9:16
Speaker 2 (2026-04-07 00-45-33)
vulnerability feeds,
9:18
Speaker 1 (2026-04-07 00-45-33)
interacting,
9:19
Speaker 2 (2026-04-07 00-45-33)
discovering,
9:20
Speaker 2 (2026-04-07 00-45-33)
trying to block various different techniques,
9:24
Speaker 2 (2026-04-07 00-45-33)
tactics,
9:24
Speaker 2 (2026-04-07 00-45-33)
techniques, and procedures.
9:26
Speaker 2 (2026-04-07 00-45-33)
A lot of the times they'll involve automation and
9:30
Speaker 2 (2026-04-07 00-45-33)
orchestration to help speed up some of the activities or make them a little more
9:34
Speaker 2 (2026-04-07 00-45-33)
efficient.
9:35
Speaker 1 (2026-04-07 00-45-33)
And then in addition,
9:37
Speaker 2 (2026-04-07 00-45-33)
there will be manual data analysis,
9:40
Speaker 2 (2026-04-07 00-45-33)
log analysis in all of these activities as well.
9:45
Speaker 2 (2026-04-07 00-45-33)
So when we're talking about threat hunting,
9:49
Speaker 2 (2026-04-07 00-45-33)
what are the specific goals we're trying to accomplish
9:53
Speaker 1 (2026-04-07 00-45-33)
here?
9:53
Speaker 1 (2026-04-07 00-45-33)
As the aim implies,
9:55
Speaker 2 (2026-04-07 00-45-33)
we're trying to find these advanced threats in the infrastructure.
10:00
Speaker 2 (2026-04-07 00-45-33)
A lot of your more routine or common threats,
10:04
Speaker 2 (2026-04-07 00-45-33)
your non-advanced malware,
10:06
Speaker 2 (2026-04-07 00-45-33)
we'll say,
10:07
Speaker 2 (2026-04-07 00-45-33)
is detected by your kind of routine or standardized monitoring.
10:12
Speaker 1 (2026-04-07 00-45-33)
However,
10:12
Speaker 2 (2026-04-07 00-45-33)
a lot of the advanced threats aren't going to be.
10:16
Speaker 2 (2026-04-07 00-45-33)
And when we say advanced threats,
10:17
Speaker 2 (2026-04-07 00-45-33)
we're talking about things like nation-state actors,
10:20
Speaker 2 (2026-04-07 00-45-33)
your attackers that are either sponsored by a
10:24
Speaker 2 (2026-04-07 00-45-33)
particular nation's government
10:27
Speaker 2 (2026-04-07 00-45-33)
or are officially a part of a nation's government,
10:30
Speaker 2 (2026-04-07 00-45-33)
something like that.
10:30
Speaker 2 (2026-04-07 00-45-33)
They have a lot of financial backing,
10:33
Speaker 2 (2026-04-07 00-45-33)
a lot of resources at their disposal,
10:36
Speaker 2 (2026-04-07 00-45-33)
which gives them more ability for these more advanced attacks.
10:41
Speaker 2 (2026-04-07 00-45-33)
A lot of your insider threats,
10:43
Speaker 1 (2026-04-07 00-45-33)
you know,
10:44
Speaker 2 (2026-04-07 00-45-33)
employees that may be carrying out attacks or stealing information
10:48
Speaker 2 (2026-04-07 00-45-33)
can be advanced threats as well.
10:49
Speaker 2 (2026-04-07 00-45-33)
They can be a lot more difficult to detect.
10:53
Speaker 2 (2026-04-07 00-45-33)
A lot of your new or more advanced malware might
10:57
Speaker 2 (2026-04-07 00-45-33)
not be detected and very frequently is not detected by your
11:01
Speaker 2 (2026-04-07 00-45-33)
standard monitoring techniques because,
11:03
Speaker 2 (2026-04-07 00-45-33)
again, they're working off of predefined rules and predefined criteria
11:07
Speaker 2 (2026-04-07 00-45-33)
that may not exist yet for new malware.
11:10
Speaker 2 (2026-04-07 00-45-33)
The goal here besides just detecting threats is
11:14
Speaker 2 (2026-04-07 00-45-33)
to minimize and reduce the amount of time that
11:19
Speaker 2 (2026-04-07 00-45-33)
an attacker is in an organization's network.
11:22
Speaker 2 (2026-04-07 00-45-33)
We want to attempt to identify these threats,
11:26
Speaker 2 (2026-04-07 00-45-33)
identify these attacks in their early stages.
11:30
Speaker 2 (2026-04-07 00-45-33)
And we'll talk about
11:31
Speaker 2 (2026-04-07 00-45-33)
kind of these stages and life cycle of attacks in a later
11:36
Speaker 2 (2026-04-07 00-45-33)
video in this course.
11:37
Speaker 2 (2026-04-07 00-45-33)
We will talk about those stages in this course.
11:40
Speaker 2 (2026-04-07 00-45-33)
What we're trying to accomplish here is reduce
11:44
Speaker 2 (2026-04-07 00-45-33)
the amount of time the attackers are in the network,
11:46
Speaker 2 (2026-04-07 00-45-33)
which gives them less time to cause damage to the
11:50
Speaker 2 (2026-04-07 00-45-33)
systems, to introduce their malware,
11:52
Speaker 2 (2026-04-07 00-45-33)
to exfiltrate data,
11:54
Speaker 2 (2026-04-07 00-45-33)
to carry out their end goals.
11:57
Speaker 2 (2026-04-07 00-45-33)
We want to have these attackers
11:59
Speaker 2 (2026-04-07 00-45-33)
in the network for a lot shorter amount of time,
12:02
Speaker 2 (2026-04-07 00-45-33)
detect them in the early stages of the attacks to
12:06
Speaker 2 (2026-04-07 00-45-33)
reduce the amount of damage.
12:08
Speaker 2 (2026-04-07 00-45-33)
And that is the ultimate goal of threat hunting.
12:11
Speaker 2 (2026-04-07 00-45-33)
Catch the threat actors in the early stages to minimize
12:15
Speaker 2 (2026-04-07 00-45-33)
the damage they can cause.
12:17
Speaker 1 (2026-04-07 00-45-33)
In
12:25
Speaker 2 (2026-04-07 00-45-33)
this video, we're going to take a look at several different reasons
12:29
Speaker 2 (2026-04-07 00-45-33)
that threat hunting is important and several benefits that
12:33
Speaker 2 (2026-04-07 00-45-33)
threat hunting can provide to organizations.
12:36
Speaker 2 (2026-04-07 00-45-33)
Now, the first of those is to reduce what is known as
12:40
Speaker 2 (2026-04-07 00-45-33)
the dwell time.
12:42
Speaker 2 (2026-04-07 00-45-33)
Dwell time can also be referred to as the time to discover,
12:46
Speaker 2 (2026-04-07 00-45-33)
so you may hear it either way.
12:48
Speaker 2 (2026-04-07 00-45-33)
Essentially,
12:49
Speaker 2 (2026-04-07 00-45-33)
this is the amount of time that a threat actor or an
12:53
Speaker 2 (2026-04-07 00-45-33)
adversary is on the network before they're discovered,
12:57
Speaker 2 (2026-04-07 00-45-33)
the amount of time that they're retaining access to various systems to
13:02
Speaker 2 (2026-04-07 00-45-33)
be able to carry out their end goals.
13:05
Speaker 2 (2026-04-07 00-45-33)
This gives them time to gather data,
13:08
Speaker 2 (2026-04-07 00-45-33)
exfiltrate and steal data,
13:10
Speaker 2 (2026-04-07 00-45-33)
collect different credentials,
13:12
Speaker 2 (2026-04-07 00-45-33)
perform any sort of lateral movement or privilege
13:16
Speaker 2 (2026-04-07 00-45-33)
escalation across the network,
13:18
Speaker 2 (2026-04-07 00-45-33)
deploy tools that will get them more persistent
13:22
Speaker 2 (2026-04-07 00-45-33)
access,
13:22
Speaker 2 (2026-04-07 00-45-33)
or deploy any other sort of malware.
13:25
Speaker 2 (2026-04-07 00-45-33)
There's a number of different things attackers can do while
13:29
Speaker 2 (2026-04-07 00-45-33)
they're on the network before they're discovered.
13:33
Speaker 2 (2026-04-07 00-45-33)
Now, the discovery time,
13:35
Speaker 2 (2026-04-07 00-45-33)
the amount of dwell time,
13:37
Speaker 2 (2026-04-07 00-45-33)
or the time to discover is impacted and influenced by a
13:41
Speaker 2 (2026-04-07 00-45-33)
lot of different things.
13:42
Speaker 2 (2026-04-07 00-45-33)
Number one can be the detection of
13:47
Speaker 2 (2026-04-07 00-45-33)
the attacker on the network.
13:48
Speaker 2 (2026-04-07 00-45-33)
This ideally will happen before the attacker is
13:52
Speaker 2 (2026-04-07 00-45-33)
able to carry out their goals.
13:55
Speaker 2 (2026-04-07 00-45-33)
But if they are detected before they're able to carry out their goals,
13:58
Speaker 2 (2026-04-07 00-45-33)
that is a good thing,
13:59
Speaker 2 (2026-04-07 00-45-33)
and that helps to reduce the dwell time.
14:02
Speaker 2 (2026-04-07 00-45-33)
Another thing that can result in detection is the attacker
14:07
Speaker 2 (2026-04-07 00-45-33)
either achieving their goals,
14:09
Speaker 2 (2026-04-07 00-45-33)
which there usually is something to notice there when they do achieve
14:13
Speaker 1 (2026-04-07 00-45-33)
their goals.
14:13
Speaker 2 (2026-04-07 00-45-33)
They usually kind of give themselves away or they detonate what is known
14:17
Speaker 2 (2026-04-07 00-45-33)
as a noisy payload.
14:19
Speaker 2 (2026-04-07 00-45-33)
Essentially, a noisy payload is something
14:22
Speaker 2 (2026-04-07 00-45-33)
that when they run a piece of software or whatever it is they're trying to do,
14:26
Speaker 2 (2026-04-07 00-45-33)
it sets off various different triggers or alerts on the network.
14:30
Speaker 2 (2026-04-07 00-45-33)
That's what's meant by noisy in this instance.
14:34
Speaker 2 (2026-04-07 00-45-33)
Now, different types of attacks,
14:37
Speaker 2 (2026-04-07 00-45-33)
different attackers are going to have different levels
14:41
Speaker 2 (2026-04-07 00-45-33)
of dwell time for a lot of different reasons.
14:44
Speaker 2 (2026-04-07 00-45-33)
A good example of that is ransomware usually is going to have
14:48
Speaker 2 (2026-04-07 00-45-33)
a very small dwell time.
14:50
Speaker 2 (2026-04-07 00-45-33)
The attacker is going to be on the network for a very short amount of time before
14:54
Speaker 2 (2026-04-07 00-45-33)
they actually carry out the ransomware attack,
14:57
Speaker 2 (2026-04-07 00-45-33)
especially if their sole goal is to
15:00
Speaker 2 (2026-04-07 00-45-33)
who just encrypt data and demand money for it to be decrypted.
15:04
Speaker 2 (2026-04-07 00-45-33)
They don't have a need to stay on the network for a long amount of time.
15:08
Speaker 1 (2026-04-07 00-45-33)
They get in,
15:08
Speaker 1 (2026-04-07 00-45-33)
they detonate the payload,
15:09
Speaker 2 (2026-04-07 00-45-33)
and then they are done.
15:11
Speaker 2 (2026-04-07 00-45-33)
So usually that's a very small dwell time.
15:13
Speaker 2 (2026-04-07 00-45-33)
More advanced attacks typically have much longer
15:17
Speaker 2 (2026-04-07 00-45-33)
dwell times.
15:19
Speaker 1 (2026-04-07 00-45-33)
Now, to give you an example of what this is,
15:21
Speaker 2 (2026-04-07 00-45-33)
this actually has come down significantly in recent years.
15:24
Speaker 2 (2026-04-07 00-45-33)
I heard back in the,
15:25
Speaker 2 (2026-04-07 00-45-33)
you know, early 2000s,
15:28
Speaker 1 (2026-04-07 00-45-33)
2010s,
15:28
Speaker 2 (2026-04-07 00-45-33)
we were talking about,
15:30
Speaker 2 (2026-04-07 00-45-33)
you know, dwell times in the hundreds of days.
15:32
Speaker 1 (2026-04-07 00-45-33)
But now 2022,
15:34
Speaker 2 (2026-04-07 00-45-33)
the average dwell time,
15:35
Speaker 2 (2026-04-07 00-45-33)
and this is data according to Mandiant reports,
15:38
Speaker 2 (2026-04-07 00-45-33)
2022,
15:39
Speaker 2 (2026-04-07 00-45-33)
the average dwell time was just about 16 days.
15:41
Speaker 2 (2026-04-07 00-45-33)
In 2023,
15:42
Speaker 2 (2026-04-07 00-45-33)
it was only 10 days.
15:44
Speaker 1 (2026-04-07 00-45-33)
Now,
15:45
Speaker 2 (2026-04-07 00-45-33)
compare that to something like 2020,
15:47
Speaker 2 (2026-04-07 00-45-33)
where it was 56 days.
15:49
Speaker 2 (2026-04-07 00-45-33)
So a considerable difference,
15:51
Speaker 2 (2026-04-07 00-45-33)
and it is coming down thanks to,
15:53
Speaker 2 (2026-04-07 00-45-33)
you know, more advanced technology for defensive measures,
15:56
Speaker 2 (2026-04-07 00-45-33)
better detections,
15:57
Speaker 2 (2026-04-07 00-45-33)
but also more advanced,
15:59
Speaker 2 (2026-04-07 00-45-33)
better, and more often threat hunting as well.
16:03
Speaker 1 (2026-04-07 00-45-33)
Now, you might be asking,
16:05
Speaker 2 (2026-04-07 00-45-33)
why is this really important?
16:07
Speaker 1 (2026-04-07 00-45-33)
Again, with threat hunting,
16:08
Speaker 2 (2026-04-07 00-45-33)
our goal is to detect these threats before the attacker
16:12
Speaker 2 (2026-04-07 00-45-33)
can get to their end goal,
16:14
Speaker 2 (2026-04-07 00-45-33)
before they can carry out whatever their goal is.
16:18
Speaker 2 (2026-04-07 00-45-33)
The longer amount of time they're on the network,
16:21
Speaker 1 (2026-04-07 00-45-33)
the more they can accomplish in the infrastructure,
16:25
Speaker 2 (2026-04-07 00-45-33)
the more likely it is they're able to carry out their goals.
16:29
Speaker 2 (2026-04-07 00-45-33)
And the harder it becomes to actually remove them or
16:33
Speaker 2 (2026-04-07 00-45-33)
evict them from those systems,
16:35
Speaker 2 (2026-04-07 00-45-33)
the larger or the better hold they get on those systems,
16:38
Speaker 1 (2026-04-07 00-45-33)
you know,
16:39
Speaker 2 (2026-04-07 00-45-33)
the longer they're on the network,
16:41
Speaker 2 (2026-04-07 00-45-33)
let me rephrase that,
16:42
Speaker 2 (2026-04-07 00-45-33)
the longer they're on the network,
16:43
Speaker 2 (2026-04-07 00-45-33)
the better hold they get on the systems,
16:45
Speaker 1 (2026-04-07 00-45-33)
the more difficult it becomes to detect them,
16:48
Speaker 1 (2026-04-07 00-45-33)
depending on the,
16:48
Speaker 2 (2026-04-07 00-45-33)
you know, the skills they have,
16:51
Speaker 1 (2026-04-07 00-45-33)
but the more difficult it becomes to remove them as
16:55
Speaker 1 (2026-04-07 00-45-33)
well.
16:56
Speaker 2 (2026-04-07 00-45-33)
The early discovery,
16:58
Speaker 2 (2026-04-07 00-45-33)
the early removal,
16:59
Speaker 2 (2026-04-07 00-45-33)
reducing this dwell time really helps to reduce
17:04
Speaker 2 (2026-04-07 00-45-33)
the chance of a very costly impact to the organization.
17:08
Speaker 2 (2026-04-07 00-45-33)
And that's cybersecurity's goal here is to protect
17:12
Speaker 2 (2026-04-07 00-45-33)
the organization's data,
17:13
Speaker 2 (2026-04-07 00-45-33)
systems,
17:14
Speaker 1 (2026-04-07 00-45-33)
and business practices.
17:16
Speaker 1 (2026-04-07 00-45-33)
And threat hunting,
17:17
Speaker 2 (2026-04-07 00-45-33)
reducing this dwell time works to accomplish that
17:22
Speaker 2 (2026-04-07 00-45-33)
goal.
17:23
Speaker 2 (2026-04-07 00-45-33)
Now, when we're talking about threat hunting,
17:25
Speaker 2 (2026-04-07 00-45-33)
we have to also talk about our antivirus and our EDR solutions and the
17:29
Speaker 1 (2026-04-07 00-45-33)
limitations those products have.
17:31
Speaker 2 (2026-04-07 00-45-33)
These types of systems work off of what are known as the predetermined
17:35
Speaker 1 (2026-04-07 00-45-33)
detection rules.
17:37
Speaker 2 (2026-04-07 00-45-33)
Detections have to be written for these pieces of software in order for
17:41
Speaker 2 (2026-04-07 00-45-33)
them to actually find the malware they're trying to find.
17:44
Speaker 2 (2026-04-07 00-45-33)
These are things like signatures that are written to detect specific pieces of
17:48
Speaker 1 (2026-04-07 00-45-33)
malware.
17:49
Speaker 2 (2026-04-07 00-45-33)
signatures or rules for user behavior.
17:53
Speaker 2 (2026-04-07 00-45-33)
If a user does a certain activity,
17:55
Speaker 1 (2026-04-07 00-45-33)
it may be identified as suspicious.
17:57
Speaker 2 (2026-04-07 00-45-33)
This can be as simple as hashes for files or
18:02
Speaker 2 (2026-04-07 00-45-33)
file names.
18:02
Speaker 2 (2026-04-07 00-45-33)
Those are effective signatures when it comes to our AV and our EDR
18:07
Speaker 1 (2026-04-07 00-45-33)
stuff.
18:08
Speaker 1 (2026-04-07 00-45-33)
But basically,
18:09
Speaker 1 (2026-04-07 00-45-33)
with these pieces of software,
18:10
Speaker 2 (2026-04-07 00-45-33)
if an attack or piece of malware doesn't match the rule that was written
18:14
Speaker 2 (2026-04-07 00-45-33)
for it, then that security control isn't going to be aware
18:18
Speaker 2 (2026-04-07 00-45-33)
of the malware or of the attack.
18:21
Speaker 2 (2026-04-07 00-45-33)
And if it's not aware of it,
18:23
S…
Speaker 2 (2026-04-07 00-45-33)
then there's no alerts triggered.
18:24
S…
Speaker 2 (2026-04-07 00-45-33)
There's no actions that it takes because,
18:27
S…
Speaker 2 (2026-04-07 00-45-33)
again, the malware or the attack doesn't trigger the
18:31
S…
Speaker 1 (2026-04-07 00-45-33)
rule.
18:31
S…
Speaker 2 (2026-04-07 00-45-33)
It means the control isn't aware of it and then can't do anything about
18:35
S…
Speaker 1 (2026-04-07 00-45-33)
it.
18:36
S…
Speaker 2 (2026-04-07 00-45-33)
These software also require pretty constant updating,
18:40
S…
Speaker 2 (2026-04-07 00-45-33)
whether it's to the signatures,
18:42
S…
Speaker 2 (2026-04-07 00-45-33)
the software itself,
18:43
S…
Speaker 2 (2026-04-07 00-45-33)
to kind of maintain the awareness of the newer types
18:47
S…
Speaker 2 (2026-04-07 00-45-33)
of attacks,
18:48
S…
Speaker 2 (2026-04-07 00-45-33)
the newer malware,
18:49
S…
Speaker 2 (2026-04-07 00-45-33)
and the newer tools the attackers use.
18:52
S…
Speaker 2 (2026-04-07 00-45-33)
That kind of data and that information,
18:55
S…
Speaker 2 (2026-04-07 00-45-33)
those tools are changing pretty rapidly and are also advancing rapidly
18:59
S…
Speaker 1 (2026-04-07 00-45-33)
as well.
18:59
S…
Speaker 2 (2026-04-07 00-45-33)
And these pieces of software have to be updated in order to be able to detect
19:04
S…
Speaker 1 (2026-04-07 00-45-33)
those.
19:04
S…
Speaker 2 (2026-04-07 00-45-33)
Now, there are advanced methods and more advanced features in
19:08
S…
Speaker 2 (2026-04-07 00-45-33)
some of these tools that can work to detect more of the
19:12
S…
Speaker 2 (2026-04-07 00-45-33)
behavior kind of things that attackers will kind of do,
19:16
S…
Speaker 2 (2026-04-07 00-45-33)
less of the signatures and indicators exactly,
19:20
S…
Speaker 2 (2026-04-07 00-45-33)
but they are still limited and aren't going to be necessarily
19:24
S…
Speaker 2 (2026-04-07 00-45-33)
as effective in finding these threats as threat
19:28
S…
Speaker 2 (2026-04-07 00-45-33)
hunting would be.
19:29
S…
Speaker 2 (2026-04-07 00-45-33)
That's not to say these products shouldn't be used.
19:33
S…
Speaker 2 (2026-04-07 00-45-33)
They absolutely should be used,
19:35
S…
Speaker 2 (2026-04-07 00-45-33)
but they should be used along with threat hunting and other
19:39
S…
Speaker 2 (2026-04-07 00-45-33)
layers to that defense-in-depth model.
19:42
S…
Speaker 1 (2026-04-07 00-45-33)
Just be aware that this one layer,
19:44
S…
Speaker 2 (2026-04-07 00-45-33)
really none of the individual layers,
19:46
S…
Speaker 2 (2026-04-07 00-45-33)
are going to be able to detect all of the threats.
19:50
S…
Speaker 1 (2026-04-07 00-45-33)
Now,
19:51
S…
Speaker 2 (2026-04-07 00-45-33)
besides finding threats and finding malware in an
19:55
S…
Speaker 2 (2026-04-07 00-45-33)
environment, threat hunting can help to work to improve the defenses
19:59
S…
Speaker 1 (2026-04-07 00-45-33)
of...
20:00
S…
Speaker 2 (2026-04-07 00-45-33)
the organization.
20:00
S…
Speaker 2 (2026-04-07 00-45-33)
Through the course of performing a threat hunt,
20:03
S…
Speaker 2 (2026-04-07 00-45-33)
you can find a lot of other security issues that you may not have been aware
20:07
S…
Speaker 2 (2026-04-07 00-45-33)
of on the network.
20:08
S…
Speaker 2 (2026-04-07 00-45-33)
Things like maybe you come across vulnerabilities that
20:12
S…
Speaker 2 (2026-04-07 00-45-33)
might need remediation or endpoints that might have some configuration
20:16
S…
Speaker 2 (2026-04-07 00-45-33)
that's not quite right.
20:18
S…
Speaker 2 (2026-04-07 00-45-33)
It may not directly affect the security,
20:20
S…
Speaker 2 (2026-04-07 00-45-33)
but it's still configuration that needs to be adjusted.
20:25
S…
Speaker 2 (2026-04-07 00-45-33)
Maybe the threat hunt finds software on workstations that isn't
20:29
S…
Speaker 2 (2026-04-07 00-45-33)
approved and shouldn't be on those workstations.
20:32
S…
Speaker 2 (2026-04-07 00-45-33)
It could find things like access issues,
20:35
S…
Speaker 2 (2026-04-07 00-45-33)
permissions that haven't been set up properly,
20:37
S…
Speaker 2 (2026-04-07 00-45-33)
that maybe either users have too much permissions and
20:41
S…
Speaker 2 (2026-04-07 00-45-33)
they just don't know it because the users don't know the difference,
20:44
S…
Speaker 2 (2026-04-07 00-45-33)
or,
20:45
S…
Speaker 2 (2026-04-07 00-45-33)
you know, not enough permissions for certain access that's needed,
20:48
S…
Speaker 2 (2026-04-07 00-45-33)
but again, no one's complained about it.
20:50
S…
Speaker 2 (2026-04-07 00-45-33)
So threat hunting can find...
20:52
S…
Speaker 2 (2026-04-07 00-45-33)
And this is not an exhaustive list.
20:54
S…
Speaker 2 (2026-04-07 00-45-33)
This is a very small list of what threat hunting practices and measures
21:00
S…
Speaker 2 (2026-04-07 00-45-33)
can find.
21:00
S…
Speaker 2 (2026-04-07 00-45-33)
Any data that is found during a threat hunt
21:05
S…
Speaker 2 (2026-04-07 00-45-33)
can potentially be used to improve the security
21:09
S…
Speaker 2 (2026-04-07 00-45-33)
of the organization using finding things that can help adjust
21:13
S…
Speaker 2 (2026-04-07 00-45-33)
security controls or even finding places where security controls
21:17
S…
Speaker 2 (2026-04-07 00-45-33)
are lacking.
21:19
S…
Speaker 2 (2026-04-07 00-45-33)
And the organization might need new security controls implemented.
21:23
S…
Speaker 2 (2026-04-07 00-45-33)
It's not uncommon during a threat hunting activity to
21:27
S…
Speaker 2 (2026-04-07 00-45-33)
find that there are missing logs.
21:29
S…
Speaker 2 (2026-04-07 00-45-33)
There are systems that have not been logging properly or maybe were never configured
21:34
S…
Speaker 2 (2026-04-07 00-45-33)
to log properly in the first place.
21:35
S…
Speaker 2 (2026-04-07 00-45-33)
So it's common to find during these threat hunting places where the
21:39
S…
Speaker 2 (2026-04-07 00-45-33)
logging can be improved.
21:41
S…
Speaker 2 (2026-04-07 00-45-33)
And also that there can be additional rules written for
21:46
S…
Speaker 2 (2026-04-07 00-45-33)
a lot of these detection systems.
21:47
S…
Speaker 2 (2026-04-07 00-45-33)
This is a very common outcome with threat hunting.
21:52
S…
Speaker 2 (2026-04-07 00-45-33)
reporting and outcomes with threat hunts much later in the learning path
21:56
S…
Speaker 2 (2026-04-07 00-45-33)
in a different course.
21:57
S…
Speaker 2 (2026-04-07 00-45-33)
But it's very common to,
22:00
S…
Speaker 1 (2026-04-07 00-45-33)
you know, find,
22:00
S…
Speaker 2 (2026-04-07 00-45-33)
if you find intrusions,
22:02
S…
Speaker 2 (2026-04-07 00-45-33)
you do find the threats on during the threat hunt on the network,
22:05
S…
Speaker 1 (2026-04-07 00-45-33)
you can write,
22:06
S…
Speaker 1 (2026-04-07 00-45-33)
you can,
22:07
S…
Speaker 2 (2026-04-07 00-45-33)
you know, based on what you found,
22:08
S…
Speaker 2 (2026-04-07 00-45-33)
you can write new rules for detections for a lot of the security controls,
22:13
S…
Speaker 2 (2026-04-07 00-45-33)
which can,
22:14
S…
Speaker 1 (2026-04-07 00-45-33)
again,
22:14
S…
Speaker 2 (2026-04-07 00-45-33)
help protect the organization.
22:17
S…
Speaker 2 (2026-04-07 00-45-33)
So we've talked about why threat hunting is important,
22:20
S…
Speaker 2 (2026-04-07 00-45-33)
but also when should we actually perform threat hunts?
22:24
S…
Speaker 2 (2026-04-07 00-45-33)
This is going to vary greatly depending on the organization,
22:27
S…
Speaker 2 (2026-04-07 00-45-33)
the size of the organization,
22:29
S…
Speaker 2 (2026-04-07 00-45-33)
the layout of the security teams,
22:31
S…
Speaker 2 (2026-04-07 00-45-33)
and really just the needs of the organization.
22:35
S…
Speaker 2 (2026-04-07 00-45-33)
Organizations that have dedicated threat hunting teams,
22:38
S…
Speaker 2 (2026-04-07 00-45-33)
usually going to be larger organizations,
22:40
S…
Speaker 2 (2026-04-07 00-45-33)
very frequently will have scheduled threat hunts.
22:42
S…
Speaker 2 (2026-04-07 00-45-33)
These are just going to be performed on a regular basis on a routine schedule.
22:47
S…
Speaker 2 (2026-04-07 00-45-33)
They'll be based on various different hypotheses that the
This transcript was generated by AI (automatic speech recognition) and may contain errors; verify against the original audio for critical use.