Cyber threat hunting in modern IT environments
08.10.2020 • 16.30
edited by Clusis
Webinar in French
The vast majority of SOCs (Security Operation Centers) around the world have limited tooling (SIEM, SOAR, EDR, etc.) to carry out their detection, hunting and investigation activities. This presentation covers a complete practical case of industrializing compromise assessment campaigns, from building solid, targeted threat intelligence knowledge to automating hunting campaigns across an entire information system. A number of tools will be used: OpenCTI, Tanium, Python, etc.
Tanium offers a unified endpoint management and security platform that is built for the world’s most demanding IT environments. Many of the world’s largest and most sophisticated organizations, including nearly half of the Fortune 100, top retailers and financial institutions, and the six branches of the US Armed Forces rely on Tanium to make confident decisions, operate efficiently and effectively, and remain resilient against disruption. Tanium ranks 7th on the Forbes list of “Top 100 Private Companies in Cloud Computing” for 2019 and 10th on FORTUNE’s list of the “100 Best Medium Workplaces.”
Clusis, the Swiss Association for Information Security, is dedicated to all aspects of cybersecurity. A nonprofit organization, it was founded in 1989. At the time, the founders of Clusis recognized that companies had to be made aware of the risks to which they were now exposed: information processing technologies were booming and businesses had jumped on the bandwagon, without always being able to protect their sensitive data. Economic actors also needed a competent interlocutor to answer their questions, and so Clusis was born.
Having become a recognized center of expertise in all areas of information systems security, Clusis explores new avenues, takes risks and comes back to its members with new solutions. With this experience, Clusis allows its members, today professional cybersecurity practitioners, to consolidate and refresh their knowledge through practical experience and to stimulate debate with experienced interlocutors.
The risks and threats have evolved since the association was created, and the business of information systems security has become more complex. Today, Clusis is a genuine platform for exchange between more than 400 experts: senior professors from academia, competent security professionals and SMEs involved in these issues. Through a flagship annual event, the Strategic Day, as well as targeted, cutting-edge conferences and training courses, Clusis shares its up-to-date knowledge with interested companies and experts. The success of these exchanges testifies to the quality of the speakers and their mutual contributions.
Samuel Hassine is currently Director of Security & BDU at Tanium. He is responsible for the continuous improvement of the platform's detection and integration capabilities and intervenes in the event of a customer compromise to help incident response teams conduct their investigations effectively. Previously head of the Threat and Risk Analysis office at the French National Agency for the Security of Information Systems (ANSSI, the French governmental CERT), Samuel Hassine has over 10 years of experience in IT threat analysis, detection and incident response.