Modern warfare is increasingly fought not with guns and bombs but with weaponized software. State-backed hackers in North Korea are currently setting their sights on critical infrastructure in the United States with the aim of knocking out power in the country, cybersecurity researchers have warned. Securing critical infrastructure is a priority for national security reasons, but the traditional view of security solely as a defensive measure is not enough to protect these systems; a proactive approach to security, in tandem with defensive tools, is the best way forward to prevent catastrophe and keep people and commerce going.
Last week, in a live webinar, we looked at the pitfalls of relying solely on Endpoint Detection and Response (EDR) software for proactive threat hunting and examined some of the common misconceptions about the comprehensiveness of the data collected by many EDR solutions. The intention was not to discredit EDR or to say a forensic state analysis (FSA) approach is better, but to reflect on the different approaches to threat hunting that might be more appropriate for your use case. If you couldn’t join us, here’s a quick overview of what was covered.