Page 100 - Cyber Defense eMagazine for June 2021
Proactive threat hunting
Today's networks are complex and offer an intruder many places to hide. Regrettably, it is not
uncommon for intrusions to go undetected for long periods. A 2020 report found that it takes
organizations an average of 280 days to identify and contain a data breach, and no organization can
afford to wait that long. In that time an attacker can move through the network, compromising systems
and exfiltrating data, leaving the organization's information increasingly exposed.
The dwell time can be longer still. In the 2018 Marriott International breach, attackers had been inside
the network for over four years before they were discovered, exposing the records of 339 million guests.
The hotel chain then suffered a second breach in 2020, after intruders had been in the network for over a
month, affecting approximately 5.2 million guests.
It is now more essential than ever for organizations to analyse contextual data so that they can make
informed decisions about their network security policy. That is not possible without 24/7/365 managed
detection and response (MDR) and proactive threat hunting that draws on event monitoring logs,
automated use-case data, contextual analysis, incident alerting and response, and knowledge of attacker
tactics, techniques and procedures (TTPs) to find the weaknesses that, once fixed, improve the
organization's security posture.
Detecting cyber criminals
Security analytics tools can capture data and detect evasive and malicious activity wherever it occurs in
the network, in near real time. Defining fine-grained access policies and enforcing them is one step
security teams can take to detect and remediate malicious activity promptly. With policy enforcement in
place, an attacker will find it much harder to move laterally ('east-west') or to remain undetected in any
segment of the network: every connection that falls outside policy is itself a signal, and the security team
gains visibility across its managed endpoints and attack surfaces through a unified, multi-layer approach.
Combined with MDR tooling, policy generation and enforcement give significant insight into the reliability,
behaviour and workload of network systems, which lets the team identify threats, respond proactively
and protect valuable information.
In practice, this means security teams can take measurable steps towards controlling access to the
network environment: knowing who is on the network, who should be able to reach which data and
applications, and being the first to detect indicators of compromise (IOCs).
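The two ideas in this section, checking every login against an explicit access policy and spotting east-west fan-out from a single account, can be expressed as a small hunt over authentication events. The following Python is an added example written for this page, not code from the article or from any MDR product: the log lines, user names, host names and access policy are constructed for illustration, and the five-minute window and four-host threshold are assumptions a team would tune to its own environment.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample authentication events (hypothetical users, hosts and
# timestamps, not real data). One line per login attempt.
SAMPLE_LOG = """\
2021-05-03T09:01:12Z user=alice src=ws-alice dst=fileserver-01 result=success
2021-05-03T09:05:40Z user=bob src=ws-bob dst=mail-01 result=success
2021-05-03T13:20:05Z user=svc-backup src=backup-01 dst=fileserver-01 result=success
2021-05-03T23:41:02Z user=alice src=ws-bob dst=fileserver-01 result=success
2021-05-03T23:41:30Z user=alice src=ws-bob dst=fileserver-02 result=success
2021-05-03T23:41:55Z user=alice src=ws-bob dst=hr-db-01 result=success
2021-05-03T23:42:10Z user=alice src=ws-bob dst=dc-01 result=failure
2021-05-03T23:42:31Z user=alice src=ws-bob dst=finance-01 result=success
"""

# Hypothetical access policy: the hosts each account is allowed to log in to.
# Anything outside this map is, by definition, an indicator worth hunting.
ACCESS_POLICY = {
    "alice": {"fileserver-01", "fileserver-02"},
    "bob": {"mail-01"},
    "svc-backup": {"fileserver-01", "fileserver-02"},
}


def parse_event(line):
    """Parse one 'timestamp key=value ...' line into a dict with a UTC datetime."""
    ts, *fields = line.split()
    event = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)}
    for field in fields:
        key, _, value = field.partition("=")
        event[key] = value
    return event


def parse_log(text):
    return [parse_event(line) for line in text.splitlines() if line.strip()]


def policy_violations(events, policy):
    """Report every attempt to reach a host the account is not allowed to use.
    Failed attempts are reported too: the attempt itself is the indicator."""
    findings = []
    for e in events:
        if e["dst"] not in policy.get(e["user"], set()):
            findings.append({
                "rule": "policy_violation",
                "ts": e["ts"].isoformat(),
                "user": e["user"], "src": e["src"], "dst": e["dst"],
                "result": e["result"],
            })
    return findings


def lateral_movement(events, window=timedelta(minutes=5), min_hosts=4):
    """Flag an account+source pair that reaches at least `min_hosts` distinct
    destinations within `window` (sliding window over time-sorted events).
    Attempts count whether or not they succeeded."""
    by_actor = defaultdict(list)
    for e in sorted(events, key=lambda ev: ev["ts"]):
        by_actor[(e["user"], e["src"])].append(e)

    findings = []
    for (user, src), evs in by_actor.items():
        start = 0
        for end, e in enumerate(evs):
            # Advance the window start until the oldest event fits inside `window`.
            while e["ts"] - evs[start]["ts"] > window:
                start += 1
            hosts = {ev["dst"] for ev in evs[start:end + 1]}
            if len(hosts) >= min_hosts:
                findings.append({
                    "rule": "lateral_movement",
                    "user": user, "src": src,
                    "first_seen": evs[start]["ts"].isoformat(),
                    "last_seen": e["ts"].isoformat(),
                    "hosts": sorted(hosts),
                })
                break  # one lead per actor is enough; the analyst pivots from here
    return findings


def hunt(log_text, policy=ACCESS_POLICY):
    """Run both rules over a log and return the combined list of findings."""
    events = parse_log(log_text)
    return policy_violations(events, policy) + lateral_movement(events)


if __name__ == "__main__":
    for finding in hunt(SAMPLE_LOG):
        print(finding)
```

Run against the constructed log, both rules fire on the same account: alice, normally seen from ws-alice, logs in from ws-bob late at night and within ninety seconds touches five hosts, three of which the policy never allowed her to reach. In a real deployment the events would come from the SIEM or EDR feed and the policy from the identity or network-access system, but the shape of the hunt is the same.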
Taking action
Security teams that want to stay ahead of attackers should implement threat hunting. Organizations no
longer have to wait for an alert that a breach has already happened before taking action; today it is vital
to have a real-time picture of the whole network, extended to teleworkers as well, so that unusual activity
can be recognized and stopped immediately, before any damage
occurs. With strong MDR tools at the center, organizations can guarantee a strong and effective security
Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.