In this video, explore hunt teams, behavioral and heuristic analysis techniques, and how to establish a review system for logs and events so that incidents are found.
- [Narrator] To facilitate incident detection and response, it's important to be actively looking for incidents in your network. There are three major ways to systematize your efforts and detect new incidents: utilizing hunt teams, selecting the correct analysis techniques, and establishing a log and event review system. In a previous lesson we talked about the blue team and the red team, but what exactly is a hunt team? Well, a hunt team is a group of cybersecurity professionals who focus on finding an adversary who's already on your network, whether you know they're there or not.

The hunt team works under the security operations center in the organization. They search through event and log files to determine where a malicious actor could be hiding inside your network. The hunt team works to identify any internal or external violations of your network security policy, as well as violations of your privacy policy. They are also responsible for locating insider threats, which are extremely challenging since the user has the authorized credentials already in place.
Released: 8/27/2018

Course topics:
- Security assessments
- Audits
- Code reviews
- Assessment tools: Scanners, enumerators, exploitation tools, and more
- Incident response
- Incident response tools: Disk imaging, packet capture, memory forensics, and more
Skill Level: Advanced
Video: Incident detection and response