Lessons Learned from SUNBURST to Enhance Future Hunting
A Panel Discussion on the SUNBURST Attack
The SUNBURST malware, the SolarWinds supply chain intrusion that delivered it, and their follow-on effects will reverberate for years, but defenders are already asking good questions about how best to hunt for similar attacks in the future. In this panel discussion, the DomainTools Research team joins moderator Tim Helming to discuss hunting for evidence of attacks of this nature.
Topics will include:
- What kind of hunting teams should be doing now if they are unsure whether they were compromised through the SolarWinds supply chain
- The role of adversary infrastructure-based hunting
- Recommendations on which hunting and incident response activities are likely to offer the best return on effort, especially given the flood of indicators and TTPs published in the wake of the event
- Whether threat hunting could have caught this incursion in its earliest stages