Andreas van Leeuwen
Andreas began his career as a UNIX and Linux systems administrator, evolving into a security consultant and pentester where he amassed over a decade of experience. In this arena, he focused on testing banking applications and led large pentests, while coaching his team of information security engineers. More recently, Andreas has expanded his skill sets though work in product management, online retail, and entrepreneurial ventures. Currently, he is focused on malware and threat hunting in general, particularly in assisting organizations across the globe build up their own threat hunting programs.
Traditionally, information security is a defensive measure. Hackers are agile and have evolved rapidly, defensive measures have not. Malware consistently breaches these defensive solutions - high profile hacks resulting in loss of data, financial impact and damage to corporate reputation. Malware often resides undetected for long periods of time before exploiting, calling into question organisational best practices.
The concept of threat hunting addresses this by taking a proactive approach to finding threats that have already breached all defenses. This is done right when taking a forensically sound approach. We call this Forensic State Analysis.
The talk will provide you with an introduction to threat hunting by covering:
- The current malware reality
- How threat hunting fits into organisational security
- Origins of threat hunting
- The 4 key principles required to manage the Breach Detection Gap
- Forensic State Analysis vs. EDR approaches
- Present and the future of threat hunting
- How to start threat hunting in your organisation and evolve this into a mature program