7MS #350: Interview with Lewie Wilkinson of Pondurance
Today's featured interview is with Lewie Wilkinson, senior integration engineer at Pondurance. Pondurance helps customers improve their security posture by providing a managed threat hunting and response solution, including a 24/7 SOC. Lewie joined me via Skype to talk a lot about a topic I'm fascinated with: incident response! I had a slew of questions and topics I wanted to discuss, including:
-
Fundamentals of threat hunting
-
What is threat hunting?
-
What are the fundamentals to start mastering?
-
How can someone start developing the core skills to get good at it?
-
How can sysadmins/network admin, who have a busy enough time already just keeping the digital lights on, handle the mounting pressure to also shoulder security responsibilities as part of their job duties?
-
What training/cert options are good to build skills in threat hunting?
-
Lets say you know one of your users has clicked something icky and you suspect compromised machine/creds. You pull the machine off the network and rebuild it. How do you know that you've found/limited the extent of the damage?
-
Are attackers on networks typically wiping logs on systems as the bounce around laterally?
-
Anything to add to the low-hanging hacker fruit list?
-
Why is it so critical to not just have logs, but have verbose logs with rich data you need in an investigation?
-
When does it make sense to outsource some security responsibilities to a third party?