Page 224 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022

Feeling rather confident in your plan, you retire for the evening and look forward to the next day. Hopefully, the lack of ability to bypass the perimeter security will frustrate the groups outside the wall, and eventually, they will disperse.

Managed Detection and Response (MDR) has been the status quo for the cyber security industry for quite some time now. There was a time, though, when it seemed like MDR was on the way out and Extended Detection and Response (XDR) would take over because of its ability to paint a clearer picture of what was going on outside your gates.

Imagine this same process going on for years. The same events get reported over and over again. More wood and nails are delivered each day. A few individuals try to breach the gates but are deterred by your defenses. On and on it goes. This is what we call event fatigue, and what we have observed is that eventually your team gets tired of paying attention to the details. On the outside, the city looks completely secure and there is no need to worry.

Great. Until one morning, the groups outside are gone. Just like that, they have all disappeared and the only thing that remains is a wooden horse parked just outside of the gate with a note that reads: “A gift for you.”

What do you do?




Defending Troy with Dynamic Threat Hunting (DTH)

At this point, we all know the story. The city rejoices and the gift is brought inside, where the unsuspecting city of Troy falls to the adversary.

Wouldn’t it have been nice to know that the local sawmill workers had been working overtime for the last 10 years, milling more wood than the city needed? Or that the blacksmith spent his extra time crafting millions of nails and tools?

Wouldn’t it have been great to understand that during the dark of night, there were meetings going on between people inside the city and the leaders of the external threat groups? Together, they were coming up with a creative plan to deceive the sentries and evade being noticed.

Not every breach has an insider threat component to it, but sometimes people, processes, and technology lend themselves to being an easy target. For example, assigning everyone local admin rights to their individual computer means that when a link is clicked in a phishing email, the attacker now has absolute control over that machine.
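One way to check for the over-privileged condition described above, as an added example that is not part of the original article: a PowerShell function that lists the members of the local Administrators group on a Windows machine and reports any principal that is not on an allowlist. The cmdlets used (Get-LocalGroupMember from the Microsoft.PowerShell.LocalAccounts module) are standard; the allowlist entries such as CONTOSO\Domain Admins are placeholders to be replaced with your own expected principals.

```powershell
# Added example (not from the article): audit local Administrators membership
# against an allowlist of expected principals.
# Assumes Windows PowerShell 5.1+ or PowerShell 7 with the
# Microsoft.PowerShell.LocalAccounts module, run on the machine being audited.
function Get-UnexpectedLocalAdmins {
    param(
        # Placeholder allowlist: the built-in local Administrator account and a
        # domain admins group. Replace CONTOSO with your own domain.
        [string[]]$Allowed = @(
            "$env:COMPUTERNAME\Administrator",
            "CONTOSO\Domain Admins"
        )
    )

    # Names come back in DOMAIN\Name or COMPUTER\Name form.
    $members = Get-LocalGroupMember -Group 'Administrators'

    foreach ($m in $members) {
        if ($Allowed -notcontains $m.Name) {
            # Each unexpected member becomes one finding row.
            [pscustomobject]@{
                Computer = $env:COMPUTERNAME
                Member   = $m.Name
                Type     = $m.ObjectClass      # User or Group
                Source   = $m.PrincipalSource  # Local, ActiveDirectory, AzureAD, ...
            }
        }
    }
}

# Usage: print findings for this host. An empty table means only the
# allowlisted principals hold local admin rights.
Get-UnexpectedLocalAdmins | Format-Table -AutoSize
```

Run it across a fleet (for example via Invoke-Command) and any non-empty result is a host where a single phishing click would hand an attacker an administrator-level foothold; the fix is to remove the extra members and issue separate, non-daily-use accounts for the few people who genuinely need elevation.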

Dynamic Threat Hunting is when you pair the wire-speed of AI and ML with the creative understanding of human Threat Hunters to provide an intelligent, context-aware, and just-in-time security operation that not only collects and analyzes the data but actually thinks like attackers and looks beyond the data, alerts, and events.

To the trained Threat Hunter, a simple daily event can be the key to turning a scouting session into a deep hunt. Pairing that with the speed of machines processing messages and telemetry about what is