A common fallacy in the world of Cybersecurity is that simply adding more Security Technologies to the lines of defense of a business or a corporation will mean greater levels of protection.
While in theory this may be true, reality often dictates the opposite. For example, by simply deploying various Security tools, you are actually increasing the attack surface for the Cyberattacker.
A CIO or a CISO may think that deploying ten firewalls is better than just having one in place. With this thinking, they have given the Cyberattacker nine more avenues through which to attack the vulnerabilities and weaknesses of the IT Infrastructure.
Instead, it is far better to spend the critical financial resources on just two firewalls, making sure that they are strategically placed where they will be the most effective.
This mindset of determining where Security Assets need to be placed is actually a very proactive one. The primary reason for this is that the CIO/CISO and their IT Security staff are taking the time to discover what areas are most at risk in their organization, as well as what tools will be most effective and where, rather than spending money in a haphazard fashion.
In fact, this preemptive way of thinking needs to be extended to the world of Threat Hunting as well. With this, the IT Security staff use various kinds of methodologies and tools in order to scope out and mitigate the risks of any Cyberthreats that are lurking within their IT Infrastructure.
Being successful at doing this on a daily basis requires that the CIO/CISO and their IT Security staff go above and beyond the proverbial “extra mile”. How this can be achieved is reviewed in this series of blogs.
A Formal Definition of Proactive Threat Hunting
A formal definition of proactive Threat Hunting is as follows:
“[It] is the process of proactively searching through networks or datasets to detect and respond to advanced cyberthreats that evade traditional rule- or signature-based security controls. Threat hunting combines the use of threat intelligence, analytics, and automated security tools with human intelligence, experience and skills.”
In other words, there are two sub components of this definition:
This process can be diagrammed as follows:
Despite the importance of Threat Hunting in Cybersecurity today, not many businesses and corporations are implementing it, as shown by these statistics from a recent survey in which 306 organizations were polled:
Why are businesses and corporations not taking a proactive approach to Threat Hunting? The following reasons are cited:
Despite these obstacles, proactive Threat Hunting is still a much-needed function for every business and corporation and is a process that can be achieved.
In our next blog, we examine how your IT Security staff can actually initiate the Threat Hunting process and the various components that are involved with it.