Threat hunting is a human-focused process. Automation is an important part of being able to hunt effectively and consistently over time, but threat hunting cannot be fully automated.
The important part about threat hunting is pitting the best human defenders against the human threats we face. In this presentation, the case will be made that threat hunting cannot be fully automated. This will be done through a discussion of where the approach should exist in an organization’s security maturity model and will be reinforced with examples of hunting inside ICS/SCADA networks such as those that operate the power grid, oil facilities, and petrochemical environments.
Robert M. Lee (@RobertMLee), CEO, Dragos Inc.