Security Predictions: 2018 the Year of Threat Hunting
Security pros look at lessons learned from the previous year
January marks the time of year when security pros look at lessons learned from the previous year and anticipate what threats to prepare for in the new year. I sat down with Infocyte’s Founder and seasoned threat hunter, Chris Gerritz, and our VP of Product, Rohit Dhamankar, to get their perspective on what challenges and new threats security pros should anticipate in 2018. They also offer advice on the proactive steps you can take to be ready for them.
- Make ‘I will be breached your mantra’ and prepare for it. Cybercrime isn’t going away, and attackers are only getting more aggressive. We will continue to see leaked government cyberespionage tools become weaponized by hackers in 2018, on top of new zero days. By changing your security mindset and employing new techniques like threat hunting you will be ready for stealthy attacks that make it past your first line defenses. The latest research indicates that controlling the dwell time of malware and APTs is the key to dramatically reducing business impact. By accepting you will be breached and putting proactive hunt solutions in place you will be able to detect and neutralize threats before they can cause damage.– Chris Gerritz, Founder
- Compromise Assessments will become increasingly important as malware continues to slip through traditional security defenses.
It’s already a standard best practice to run vulnerability and pen tests, but what about threats that are already in your environment? Compromise Assessments are just as important to look for malware and APTs that have slipped through defenses and are sitting undetected on your network. Aside from being a best practice, they are becoming increasingly important as new legislation governing security and data privacy are rolled out on 2018, and companies rush to purchase cyber insurance to protect themselves in the event of a breach. For example, Cyberinsurers are starting to review the state of an organization’s cyber health before issuing policies and setting premiums. Hidden threats are a liability and will increase your bottom line when purchasing a policy if you don’t have a clean environment to start with. Compromise Assessments allow you to evaluate your security posture and remediate any issues before an insurer comes in. Additionally, new regulations will become active 2018 including the NIST standards for Continuous Monitoring in the US, and Europe’s new GDPR data protection regulations. Compromise Assessments are a valuable tool to help achieve compliance by providing a mechanism to measure and check that your security controls are working, and quickly address any found issue.– Chris Gerritz, Founder
- Alert fatigue will continue to plague enterprise SOCs. Organizations receive an average of 17,000 malware alerts per week, of that, fewer than 20 percent are worthy of examination—only 4 percent of all valid threats are investigated. Why? Alerts often require human oversight and validation to confirm if the alert it is legitimate. Most organizations simply don’t have the resources to investigate every alert or the expertise to recognize advanced threats. Companies need to invest in technologies in 2018 to help triage and investigate the volumes of security alerts. Solutions that automatically triage alerts from a SIEM, network or endpoint product to weed out false positives and quickly identify which to escalate will reduce the time and resources needed to comb through volumes of false and low priority alerts.– Rohit Dhamankahr, VP of Product
There’s one common thread to these predictions and prescriptive actions – the key to good security is to proactively look for indications that you’ve already been breached. According to the December 2017 Hacker’s Playbook Findings Report, the malware infiltration success rate for the 3,400 security breach methods tested was over 60%. It also found that once an enterprise is breached, hackers can navigate laterally through the network more than 70% of the time. Despite layers of security that companies have invested in (and need to maintain), the odds are in favor of the hackers.
The simple truth is that enterprises need to be proactive and employ new security countermeasures to combat the disturbing hacker success rate. Threat hunting, compromise assessments, and alert triage are essential to flush out the 60% of malware that is able to successfully penetrate your security defenses before real damage can be done.
Make 2018 the Year of Threat Hunting
Infocyte HUNT provides an easy-to-use, yet powerful solution to significantly reduce the dwell time of attackers (the time between infection and discovery), and limit the business impact by enabling your organization’s IT and security professionals to proactively discover malware and persistent threats, active or dormant, that have successfully breached existing defenses.
The Infocyte platform uses patent-pending Forensic State Analysis (FSA) techniques to scour your endpoints and look for irrefutable evidence of malware that has successfully bypassed your defenses. It can also be used to vet alerts captured by your SIEM and prevent wasted time on innocuous alerts and/or false positives. Infocyte HUNT offers a fast and cost-effective solution to detect threats and triage alerts, so you can take swift action to ensure the security of your networks.
Learn more about how Infocyte’s patent-pending automated FSA approach can help you detect the 60% of successful infiltrations, and make 2018 the year of threat hunting!
Infocyte is an easy path to implement EDR or MDR for mid-size organizations. Learn more from Forrester's Now Tech Report here.
Interested in Sunburst and how to address compromises on your network?
Test out Infocyte's endpoint detection and response platform for free with our community edition: