Intelligent CISO Issue 39 | Page 49

Organisations should choose the right tool that meets their requirements and have the right skillset to execute the threat hunting process.

Sameer Basha, Security Consultant GCC, Check Point Software Technologies – Middle East
What is threat hunting and why is it relevant to CISOs?
Threat hunting is a proactive approach for finding and remediating undetected cyberattacks. It is a process that involves searching for Indicators of Compromise (IoC), investigating, classifying and remediating. It is the practice of searching for cyberthreats that might otherwise remain undetected in your network. Threat hunting can be IoC-driven, in which the hunter investigates an indicator provided by external or internal sources. It can also be hypothesis-driven, in which the hunt begins with an initial hypothesis or question.
CISOs want to have this tool to proactively hunt and investigate incidents based on indicators provided by threat alliances, Open-Source Intelligence (OSINT), or external intelligence. Proactive remediation is always better than a reactive one.
What types of threats can be found on the network and how do threat hunting techniques help to tackle these?
Many businesses are trying to protect their IT environments against current attacks with security technologies that are now obsolete. They are stuck in the world of second and third generation security, which only protects against viruses, application attacks and payload delivery. Networks are left exposed to threats like C&C communication, ransomware attacks, phishing attacks, spear phishing, Man in the Middle (MitM) attacks, Denial of Service or Distributed Denial of Service (DDoS). Threat hunting enables organisations to proactively find such attacks in their infrastructure and remediate them in initial stages. In the absence of threat hunting, the attacks will be detected in a reactive manner and in many cases after considerable damage has been done to the business.
Can you describe your threat hunting strategy and how this helps to avoid potential cyberattacks?
Check Point Software Technologies has taken a holistic approach to provide a threat hunting feature across the network, endpoint, email, mobile, IoT and cloud infrastructure. Check Point has developed the Infinity Portal that enables customers to consolidate their security vision under a single platform that helps in minimising their risks, accelerating their operations and optimising their security investments. Infinity Vision XDR is an offering on the Infinity Portal which automatically detects and remediates threats. It consolidates all the events generated by all the Check Point products. By utilising the Infinity XDR, Check Point customers can hunt for indicators of compromise across the entire infrastructure. Check Point is also offering Synchronicity service to customers where Check Point Security Operation and incident response experts will proactively monitor, hunt for threats and remediate them across the board.

What is the role of threat hunting in business and how does it work as a combined approach with technology?
Cybersecurity is a business enabler and threat hunting, therefore, is a very important tool to proactively prevent cyberattacks and keep the business functional. It involves using manual and software-assisted techniques to detect possible threats that have eluded other security systems. In addition to having a threat hunting process linked to information security policy, an organisation should choose the right technology that meets their business requirements. Threat hunting