Proactive Security and Why Every Business Needs It… Yesterday

THE REALITY OF THE “THREAT LANDSCAPE”

The “threat landscape” is a term that is often thrown around carelessly in cyber security marketing circles; it refers to all existent cyber threats that could impact an organization. The simple fact for most companies, however, is that in order to continue to do business in cyberspace, the threat landscape isn’t just a buzzword: it is something that must be contended with, defended against, and dealt with. The statistics bear this out: there are now more than a billion malware programs and variants known, and more than 560,000 new pieces of malware are detected every single day. The result of this rather staggering number is that data breaches set a new high last year with 1,862 identified breaches, representing a 68% increase from 2020, and surpassing the previous record set in 2017.

PROACTIVE SECURITY FLIPS THE SCRIPT ON ADVERSARIES

The objective of most corporate security programs is to mitigate the risks associated with that threat landscape — like ransomware, nation-state adversaries, malware, vulnerabilities, and exploits. The troubling reality, however, is that most of these threats begin their lives as something entirely undetectable by even the most sophisticated modern-day security tools (and by extension the security programs and analysts that monitor them). This is because security tools can only detect the threats they know about, which means that all but the most disconnected of companies are immensely vulnerable when a new threat emerges. Threat hunting, however, flips the script on that paradigm and starts off with the assumption that something got through. Hunt teams, or highly specialized analysts, proactively hunt through your environment looking for telltale suspicious or malicious behaviors by users and programs that might betray a compromise. Once something is identified, they triage, investigate, and respond.

WITH PROACTIVE SECURITY EVERYONE CAN THREAT HUNT

How do you start threat hunting? The practice of threat hunting is often seen as intimidating for organizations. That is because the perception is that threat hunting demands resources and security maturity that are unattainable for all but the largest companies. That can be true for the highly sophisticated hunt teams found in various military and intelligence agencies, but even a single well-equipped hunter can begin the practice of proactive security for a company.

YOU CAN ONLY HUNT WHAT YOU CAN SEE

It is critical to put visibility — at the network and endpoint levels — first to ensure success for proactive security. This is because a hunter is only as good as the data he has to hunt in.

PROACTIVE SECURITY IS A LONG GAME STRATEGY

While establishing a threat hunting capability — even if it is just a single hunter — is a great move towards proactive security, it is crucial to understand that threat hunting is a “long game strategy.” It may be that your hunt team discovers something on their first hunt, but like actual hunting there will be many hunts where hunters come back empty-handed. However, these instances should not be looked at as failures; instead, they should be treated as confirmation that an organization hasn’t been impacted by the sought-for behaviors yet.

YOU DON’T HAVE TO HUNT SOLO

Proactive security, especially threat hunting, can seem unattainable, especially if you are a medium to large organization with only a small team (or even a single threat hunter). One way to scale a small team, without adding costly resources, is to enable them to be more efficient and focus on hunting itself and not the pre-hunt work like research, testing, and validation. This can be done by partnering with a trusted vendor to provide the hunting content that fuels the individual hunts your team carries out.

Cyborg Security

Cyborg Security is a pioneer in cybernetic threat hunting, delivering an advanced, actionable threat hunting platform.