“Threat Hunting: Changing the Mindset of Security Operations.”
I recently had the opportunity to become an IT Security Planet “Expert,” giving me the ability to share my opinion on information security news and trends with their audience of savvy security pros. In my first “Expert’s Corner” article, excerpted below, I share my thoughts on “Threat Hunting: Changing the Mindset of Security Operations.”
Prevention. Detect and Respond. Defense in Depth. Enterprise security strategies have continued to evolve in response to ever-increasing threats. Once upon a time, putting up a firewall and installing antivirus were enough to keep a clean network. Now, security breaches are commonplace—even expected—despite our best efforts to keep hackers out.
We can build our walls higher and higher, but against a persistent adversary, prevention is bound to fail. What then? Traditional security operations use a detect-and-respond approach: wait for sensors (an intrusion detection system or antivirus) to alert on an event, then investigate that alert. In a properly instrumented network, such events can be detected hundreds of times a day—far too many to handle with limited staff.
It’s time to change our approach to security and empower the enterprise with proactive strategies to identify and eradicate malware and other persistent threats.