But the companies' (Endgame) blog pages has some actual concrete info. Reading over the site, much of what he talks about is already implemented, or at least there is software out there that companies can get (much of it open source). To quote his page Hunting on hosts:" running processes, active network connections, listening ports, artifacts in the file system, user logs, autoruns", using Yari, etc. BUT, at least this page isn't just "buy my product" but does give some tutorials / examples of how to use various free utilities (like Sysinternals, Yari with Powershell, Elasticsearch) and he even includes CLI examples. I'm bookmarking this and will read over it later when it's not 04:32 and I should be asleep instead of posting on Slashdot LOL.
Exactly. It is not a new concept at all and something I did as a sysadmin 10 years ago when I got bored. You don't need a product, you just need to pay attention and have the management support to spend some time doing it. In more security-evolved companies, everybody contributes x% of their time doing this.