
TEC Talk: Advanced Hypothesis-Based Threat Hunting with Microsoft Azure Solutions

On-demand recording
  • Recorded date: Mar. 14, 2024
  • Event: On-demand recording
Seasoned cybersecurity professionals need to be aware that the alerts they receive in their SIEM solutions are not the only threats their organization might be facing at a given time. Both successful exploitations and unsuccessful attempts can stay undetected for months, putting the company’s cybersecurity posture at risk. In fact, almost 65% of data breaches go undetected!

Hypothesis-based threat hunting can help us tackle this issue by assuming that an incident of some kind has already happened and that the Indicators of Attack/Compromise just need to be uncovered. This way, we can proactively detect threats in our environment and afterwards improve our detection solutions with the experience gained while hunting for such occurrences.

During this session, Mike Jankowski-Lorek will show you how to:
  • Come up with a good hypothesis tailored for your own environment
  • Create KQL queries based on what we know from the hypothesis
  • Analyze the results to disclose any unwanted activity

Solutions used during this session include (but are not limited to) Microsoft Sentinel, Microsoft 365 Defender, and Azure AD.

Dr. Mike Jankowski-Lorek is a cybersecurity expert, solution architect, consultant, penetration tester and developer with more than 18 years of experience in the field. He designs and implements solutions for organization identity and access, databases, network and security monitoring and management, mainly working in the Microsoft ecosystem for medium to enterprise-level organizations.

Speaker

Dr. Mike Jankowski-Lorek is a cybersecurity expert, solution architect, consultant, penetration tester and developer with a Ph.D. in Computer Science and more than 18 years of experience in the field. He designs and implements solutions for organization identity and access, databases, network, and security monitoring and management, mainly working in the Microsoft ecosystem for medium to enterprise-level organizations. He constantly supports organizations in improving their cybersecurity posture and their journey to the cloud, working with management and technical personnel to solve issues and mitigate potential threats. Since 2007, he has been closely cooperating with the Polish-Japanese Academy of Information Technology in Warsaw, teaching security, database, and data mining-related subjects. As a trainer at CQURE Academy, he delivers training on Windows infrastructure security, hacking of Microsoft ecosystems, cloud solutions, database server security, penetration testing and other topics.
