David Bianco

David is a member of Splunk's SURGe team, where he conducts research in incident detection and response, threat hunting, and Cyber Threat Intelligence (CTI). He is also a SANS Certified Instructor, where he teaches FOR572 Network Forensics and Threat Hunting.

Learn 8 Min Read

What Is Threat Hunting?

The goal of threat hunting is not only to find more security incidents but to improve automated detection capabilities over time. Learn how and why.

Security 11 Min Read

Hypothesis-Driven Cryptominer Hunting with PEAK

A sample hypothesis-driven hunt, using SURGe's PEAK threat hunting framework, looking for unauthorized cryptominers.

Security 5 Min Read

Measuring Hunting Success with PEAK

Splunker David Bianco explains how an effective threat hunting program is one of the best ways to drive positive change across an organization’s entire security posture.

Security 4 Min Read

Turning Hunts Into Detections with PEAK

In this post, we’re going to look at something the PEAK framework refers to as the Hierarchy of Detection Outputs.

Security 9 Min Read

Baseline Hunting with the PEAK Framework

Splunker David Bianco provides an in-depth look at baseline hunts, also known as Exploratory Data Analysis (EDA) hunts.

Security 10 Min Read

Trust Unearned? Evaluating CA Trustworthiness Across 5 Billion Certificates

In this blog post, we dive into our recent research project, in which the Splunk SURGe team analyzed more than five billion TLS certificates to find out if the CAs we rely on are really worthy of our trust.