Managed service providers have entered a new era of cybersecurity. Traditional security management tools such as firewalls and intrusion detection systems (IDS) are effective for identifying known threats. However, defensive security tools are no longer a match for the ever-growing and ever-sophisticating hacking tools. GCN.com defines cyber threat hunting as “a security strategy centred on proactively searching for threats, based on intelligence about the organisation and its adversaries”.
Why traditional methods are no longer enough
As previously discussed, traditional security tools are sufficient for finding existing threats and taking a reactive approach to security whereas cyber threat hunting is the antithesis of alerting. CGN discusses “alert fatigue” where seeing continuous alerts can build apathy and frustration. This can be ineffective in threat detection. Threat hunting moves beyond “alert culture”, instead it focuses on proactively hunting for threats and attacks previously unknown within the environment. However, traditional (reactive) cybersecurity defence should be used in conjunction with proactive cyber threat hunting to cover all the bases of threat management and monitoring.
So, how does it work?
Cyber threat hunting requires an element of human intelligence, in fact, human participation is the “critical link” to executing a threat strategy that is successful. GCN says that in order to hunt, we must be able to search through logs, firewalls, databases, intranets, and clouds; these searches can vary in complexity, too. Some of the tools threat hunters harness include:
Security monitoring tools:
Threat hunters typically use traditional monitoring solutions to review firewalls, antivirus software, network security, and data loss prevention. Through this, they gather event logs from as many places as possible for analysis.
Security Info & Event Management (SIEM) solutions gather raw security data within an environment and provide real-time analysis of security alerts. SIEM tools are able to manage and compile a huge amount of data logs for threat hunters, because of this, it is also possible to find correlations and potential security threats.
Threat hunters incorporate two types of analytics tools, statistical and intelligence analysis software. Statistical tools such as SAS software use patterns rather than rules to find data anomalies whereas intelligence analytics software provides visuals for threat hunters in the form of interactive graphs and charts which can help spot correlations within the environment.
Why is threat hunting the solution?
Recently, at the 2019 SolarWinds Empower MSP conference in Atlanta, Georgia, the VP of security Tim Brown said in his keynote address that hackers and security threats can stay dormant within an environment for 140 days on average. It is no longer enough to wait for attacks to happen and then act. For a well-rounded security approach, MSP’s and security professionals must start to consider threat hunting as a viable option. Threat hunting in conjunction with traditional defensive security measures will ensure a better chance of detecting threats.
The big picture
Cyber-attacks become more frequent; a Norton study estimates that about 516,380 Australian businesses have been affected by cybercrime. Passively expecting a security breach cannot compete with the brute force of modern cyber-attacks but going on the offensive in relation to cybersecurity seems to be a modern solution when paired with traditional methods.
Milnsbridge treats IT security with the utmost importance, if you’re concerned about your business’s security, give us a call on 1300 300 293.