Try to prevent what you can, detect what you can’t prevent and hunt for what you can’t detect.
For this episode about threat hunting, Robby is joined by Andreas Bråthen, Team Lead for threat hunting at mnemonic. Andreas has worked on mnemonic’s threat hunting program for the past three years and shares some of his insights into why the threat hunting domain is so difficult to navigate, and how he defines this somewhat abstract term.
He also goes into detail about the process behind the way mnemonic does threat hunting on a daily basis, what kind of technology you need to support this kind of program, and the difference between the structured and unstructured approach to threat hunting.
Producer: Paul Jæge