Intelligent CISO Issue 39 | Page 50

is necessary simply because no cybersecurity protections are always 100% effective. An active defence is needed, rather than relying on ‘set it and forget it’ security tools.
How is threat hunting beneficial to operations and how does it create a resilient cyber infrastructure?
Proactively detecting threats keeps business operations functional. Identifying cyberattacks before they spread can save weeks of business disruption and damage to reputation. Threat hunting is an important component of cyber-defence infrastructure as it aids in detecting cyberattacks at very initial stages and thereby adds more resilience to the cyber infrastructure.
How do automation tools such as AI and ML contribute to the process?
AI and Machine Learning (ML) can enhance the threat hunting process to a great extent. Threat hunting tools depend on IoC information and are supplied via playbooks or pre-defined queries. ML generates new threat hunting leads based on suspicious and abnormal behaviours which stay under the radar. It can also prioritise leads based on likelihood calculated by Machine Learning. In summary, Machine Learning can enable faster collaboration of playbooks to reduce the attack detection time, false positives and provide predictive queries based on previous cyberattacks.
What best practice advice would you offer other security leaders intending to use this process to secure their network?
Collecting an adequate quantity of high-quality data, as poor quality data inputs will result in ineffective threat hunting. Data collected can include log files, servers, network devices, databases and endpoints. Threat hunters must search for patterns and potential Indicators of Compromise (IoCs). If you’re monitoring, you must have someone looking at the logs. Too often, organisations don’t have enough resources and manpower to dedicate to ongoing intrusion detection monitoring and then respond accordingly. Proactively hunting threats is a must for every organisation and is a continuous process. Organisations need to develop a process for threat hunting linked to their information security policy. Organisations should choose the right tool that meets their requirements and have the right skillset to execute the threat hunting process.
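The two answers above describe a hunt as an IoC sweep over collected logs, supplemented by leads drawn from abnormal behaviour and ranked by likelihood. The following script is an added illustration of that workflow and is not part of the interview or of any product the interviewee refers to. It runs over a handful of constructed log lines (authentication, proxy and process-execution events in a simple key=value shape), matches them against a placeholder watch-list, adds behavioural signals that no IoC list would catch (an off-hours login, a binary seen on only one host, an unusually large outbound transfer), and returns the leads sorted by score so an analyst looks at the highest-scoring ones first. All indicators, hosts, users and scoring weights are made up for the example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed watch-list. These are placeholder indicators (a documentation
# IP range, a .invalid domain, an all-zero hash), not real IoCs.
IOC_IPS = {"203.0.113.45"}
IOC_DOMAINS = {"bad-example.invalid"}
IOC_SHA256 = {"0" * 64}

# Constructed log lines: "<timestamp> <host> <kind> key=value ...".
SAMPLE_LOGS = [
    "2024-05-01T02:13:07Z ws-17 auth user=alice src=203.0.113.45 result=success",
    "2024-05-01T09:02:11Z ws-17 proxy user=alice dst=cdn.example.com bytes=1200",
    "2024-05-01T09:05:30Z ws-17 proxy user=alice dst=bad-example.invalid bytes=98000",
    "2024-05-01T09:06:00Z ws-17 exec user=alice image=C:\\Windows\\System32\\cmd.exe sha256=" + "a" * 64,
    "2024-05-01T09:07:12Z ws-17 exec user=alice image=C:\\Users\\Public\\upd.exe sha256=" + "0" * 64,
    "2024-05-01T10:00:00Z ws-22 exec user=bob image=C:\\Windows\\System32\\cmd.exe sha256=" + "a" * 64,
    "2024-05-01T10:01:00Z ws-22 proxy user=bob dst=cdn.example.com bytes=400",
]

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<kind>auth|proxy|exec) (?P<rest>.*)$")


@dataclass
class Lead:
    line: str
    score: int
    reasons: list


def parse(line):
    """Parse one log line into a dict of fields, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = {"ts": m["ts"], "host": m["host"], "kind": m["kind"]}
    for token in m["rest"].split():
        key, _, value = token.partition("=")
        event[key] = value
    return event


def hunt(lines, off_hours=(22, 6)):
    """Return scored leads, highest first. Weights are illustrative, not a standard."""
    events = [e for e in map(parse, lines) if e]

    # Behavioural baseline: on how many distinct hosts has each executable been seen?
    hosts_per_image = defaultdict(set)
    for e in events:
        if e["kind"] == "exec":
            hosts_per_image[e["image"]].add(e["host"])

    leads = []
    for line in lines:
        e = parse(line)
        if not e:
            continue
        reasons, score = [], 0

        # 1. Playbook-style IoC sweep: known-bad IP, domain or file hash.
        if e.get("src") in IOC_IPS:
            reasons.append("ioc:ip")
            score += 5
        if e.get("dst") in IOC_DOMAINS:
            reasons.append("ioc:domain")
            score += 5
        if e.get("sha256") in IOC_SHA256:
            reasons.append("ioc:hash")
            score += 5

        # 2. Behavioural leads that stay under the radar of a pure IoC match.
        hour = int(e["ts"][11:13])
        if e["kind"] == "auth" and (hour >= off_hours[0] or hour < off_hours[1]):
            reasons.append("auth:off-hours")
            score += 3
        if e["kind"] == "exec" and len(hosts_per_image[e["image"]]) == 1:
            reasons.append("exec:rare-image")
            score += 2
        if e["kind"] == "proxy" and int(e.get("bytes", 0)) > 50_000:
            reasons.append("proxy:large-transfer")
            score += 1

        if score:
            leads.append(Lead(line, score, reasons))

    leads.sort(key=lambda lead: lead.score, reverse=True)
    return leads


if __name__ == "__main__":
    for lead in hunt(SAMPLE_LOGS):
        print(lead.score, ",".join(lead.reasons), lead.line)
```

On the sample data the off-hours login from a watch-listed address ranks first, the execution of a one-host-only binary with a watch-listed hash second, and the large transfer to a watch-listed domain third; the routine cmd.exe executions seen across several hosts produce no lead at all. In a real deployment the baseline would be built from weeks of history rather than from the same batch being examined, and the weights would be tuned against the organisation's own false-positive rate.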

Looking ahead, how should organisations include threat hunting in their cybersecurity approach?
Considering the cybersecurity landscape, threat hunting is a must today. Every organisation should have a threat hunting process derived from their information security policy. Based on their business needs, they should adopt a tool for threat hunting. If they don’t have internal resources to carry out the procedure, they should look for outsourced partners who can offer threat hunting as a service, provided that the administrative controls like NDA and contracts are in place. Using manual and software-assisted techniques to detect possible threats that have eluded other security systems can be effective. More specifically, tasks like:
1. Hunting for threats existing within the organisation; anything an attacker could implant to exfiltrate information and cause damage
2. Hunting for threats proactively that arise anywhere worldwide
3. Setting a trap and essentially waiting for threats to hunt you