I recently had the opportunity to become an IT Security Planet “Expert,” giving me the ability to share my opinion on information security news and trends with their audience of savvy security pros. In my first “Expert’s Corner” article, excerpted below, I share my thoughts on “Threat Hunting: Changing the Mindset of Security Operations.”
Prevention. Detect and Respond. Defense in Depth. Enterprise security strategies have continued to evolve in response to ever increasing threats. Once upon a time, putting up a firewall and installing antivirus were enough to keep a clean network. Now, security breaches are commonplace—even expected—despite our best efforts to keep hackers out.
We can build our walls higher and higher, but against a persistent adversary, prevention is bound to fail. What then? Traditional security operations use a detect and respond approach: wait for sensors (Intrusion Detection System or antivirus) to alert on an event, then investigate that alert. In a properly instrumented network, these events can be detected hundreds of times a day—far too many to handle with limited staff.
It’s time to change our approach to security and empower the enterprise with proactive strategies to identify and eradicate malware and other persistent threats.