It’s not a matter of “if” but “when” organizations are breached. That’s the premise Federal agencies operate under, and it’s one that would be prudent to follow. Under an Assumption of Compromise, threat actors are assumed to be currently living off the land (LTOL), using applications and protocols already available in workloads. LTOL and similar attacks can go unnoticed because of a critical, often overlooked gap in traditional logging. Learn why relying on logs from a firewall or router as the single source of truth is not enough. In this session, we will take a broad look at logging from the perspective of government threat hunting, and at how it can be greatly enhanced with network-derived intelligence to make it far more resilient and harder for bad actors to defeat.