Michael talks to Matt Bromiley about the importance of packet capture in threat hunting and how AI can improve detection and response.
By Michael Morris, Director of Global Business Development, Endace
With limited network visibility and overwhelming data volumes, organizations struggle to detect and respond to advanced cyber threats.
In this episode of the Endace Packet Forensics Files, I talk with Matt Bromiley, a veteran in threat hunting and incident response. With over a decade of experience and a role as a SANS instructor, Matt brings a wealth of practical knowledge to our discussion.
Matt highlights the importance of robust detection and response systems before beginning any threat hunt. He explains that even when a hunt doesn’t yield immediate results, the insights gained are invaluable for understanding the security landscape. Matt points out that proactive threat hunting is about deeply understanding network traffic, which offers significant advantages over more traditional reactive approaches.
During our conversation, Matt emphasized network packet data’s critical role in cybersecurity. He describes it as the “glue” that ties together various pieces of evidence, providing a comprehensive view of any potential attack. According to Matt, analyzing decrypted traffic and DNS logs is essential for uncovering hidden threats that might otherwise remain undetected.
Matt talks about the challenges of threat hunting, particularly when dealing with large volumes of packet data and navigating legal constraints. He stresses the necessity of having a skilled team and the right tools to manage these challenges effectively. He also shares his insights on the growing role of AI in threat hunting, predicting that it will increasingly help automate routine tasks, freeing up analysts to focus on more complex threats.
Matt’s expertise underscores the importance of a proactive approach, a deep understanding of network data, and the use of the right tools to stay ahead of cyber threats.
Don’t miss this insightful episode, where Matt provides actionable advice for enhancing your threat-hunting capabilities and strengthening your cybersecurity defenses.
Follow Matt on LinkedIn
Other episodes in the Secure Networks video/audio podcast series are available here. Or listen to the podcast here or on your favorite podcast platform.