What is Cyber Threat Hunting? Approaches, Tools and Intel Explained
by Scott Hanson, George Glass
Scott Hanson is an associate managing director and Head of Global Security Operations in the Cyber Risk practice, based in Secaucus.
Scott leverages more than a decade of experience in enterprise information technology, with significant expertise in endpoint detection and response (EDR), security incident and event management (SIEM) and related technologies. His primary focus at Kroll is helping clients enhance or restore network security through continuous threat detection, incident response and “triage” forensics.
Prior to joining Kroll, Scott served as an information systems analyst at ExxonMobil Global Services Company. In that role, he was responsible for incident investigation and security engineering. Throughout his career, Scott has participated in hundreds of incident response investigations, has implemented and managed countless enterprise technology solutions and has managed information security teams around the world.
Scott received a master’s degree in information systems management and a B.S. in information systems from Brigham Young University. He also holds numerous certifications, designating him as a GIAC Network Forensic Analyst (GNFA), GIAC Certified Forensic Analyst (GCFA), GIAC Certified Incident Handler (GCIH), Certified Information Systems Security Professional (CISSP), Certified Systems Auditor (CISA) and PCI Qualified Security Assessor (QSA).
Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.
Proactively monitor, detect and respond to threats virtually anywhere – on endpoints and throughout the surface, deep and dark web.
Kroll is the largest global IR provider with experienced responders who can handle the entire security incident lifecycle.
Kroll’s Virtual CISO (vCISO) services help executives, security and technology teams safeguard information assets while supporting business operations with augmented cyber expertise to reduce business risk, signal commitment to data security and enhance overall security posture.
Kroll’s elite security leaders deliver rapid responses for over 3,000 incidents per year and have the resources and expertise to support the entire incident lifecycle.
Cyber incident remediation and recovery services are part of Kroll’s Complete Response capabilities, expediting system recovery and minimizing business disruption.
Our expertise allows us to identify and analyze the scope and intent of advanced persistent threats to launch a targeted and effective response.
Kroll's computer forensics experts ensure that no digital evidence is overlooked and assist at any stage of an investigation or litigation, regardless of the number or location of data sources.
Kroll’s Malware Analysis and Reverse Engineering team draws from decades of private and public-sector experience, across all industries, to deliver actionable findings through in-depth technical analysis of benign and malicious code.
Proactively identify your highest-risk exposures and address key gaps in your security posture. As the No. 1 Incident Response provider, Kroll leverages frontline intelligence from 3,000+ IR cases a year with adversary intel from deep and dark web sources to discover unknown exposures and validate defenses.