Can organizations proactively hunt for and deter cyberthreats? Are threat hunting and hunt analysis feasible? Cybersecurity leaders tackled these questions in this issue of our Enterprise Intelligence Brief.

2017: The Year of Threat Hunting Analysis

Cyberthreat intelligence expert Bob Stasio predicted that 2017 will be the year of threat hunting analysis. This year, he forecast, “organizations will proactively search through their networks for threats versus having an alert to indicate a problem.”

Stasio explained that threat hunting is indeed possible with the proper resources.

“Threat hunting is inherently predictive and thus requires the integration of intelligence analysis techniques,” he said. “This will require the classic integration of people, process and technology. Organizations must recruit talent for these hunting roles and pursue technology historically used in the intelligence community.”

At least a small percentage of malicious actors, he added, will be able to break through any automated security measure on the market. Intelligence-driven hunting can close that gap in the cybersecurity spectrum by putting humans in the loop.


“Organizations must start from the top down,” Stasio advised. “Begin by pursuing a leader with experience in the intelligence community to spearhead your hunting effort. This person should have the contacts to expand the team and the understanding to build the threat hunting platform.”

Be Proactive, Not Reactive

SecureMySocial CEO Joseph Steinberg warned that IT managers face an uphill battle to keep up with cybercriminals’ advanced tactics.

“In an effort to circumvent existing security technologies,” he said, “sophisticated, hostile actors are constantly improving their approaches and techniques. As a result, while detection tools remain critically important, proactive (and perpetually iterative) hunting for cyberthreats is necessary.”

Although most companies already hunt for threats, Steinberg said he expects to see organizations install “much more robust forms of proactive hunting” in 2017. Without it, he argued, “one or more of the growing number of advanced attacks may slip by cybersecurity countermeasures and lead to potentially catastrophic situations.”

The bottom line, Steinberg concluded, is that “utilizing a blend of approaches delivers better results than putting all of one’s cybersecurity eggs in one basket.”

Threats Lurking From Within

Scott Schober, president and CEO of Berkeley Varitronics Systems and author of “Hacked Again,” explained that most organizations have already been breached, whether they know it or not.

“Within all corporations exists a high likelihood of hidden threats that have already made their way into the organization’s computer networks,” Schober said. “Corporations cannot afford to assume they are 100 percent secure, regardless of the steps they may have taken to mitigate cyberthreats and implement security precautions. Perimeter defense will always be necessary due to new advances in wireless technology, the same technology that hackers continually exploit. Therefore, the most proactive posture is to assume that hidden threats already exist within your computer networks and aim to systematically hunt these down.”

Most threats that have already penetrated a network do not instantly seize the opportunity. Security professionals must exhibit the same patience that cybercriminals apply to the long game of network infiltration. This steady approach is the only way to detect the right patterns and choose the most opportune moment to counter the intrusion.

Hunt Threats Before They Hunt You

Khalil Sehnaoui, founder and managing partner at Krypton Security, argued that “threat hunting is absolutely feasible and, even more so, definitely recommended.” He said that experts have been proactively pushing organizations to implement threat hunting strategies for years.

“It is important because you cannot rely on just alerts and monitoring to know your network is either safe or under attack,” he said. “Alert systems can only monitor for known threats, and the best defense remains a good offense. Threats come in many a form and the battle is continuously ongoing between defenders and attackers.”

Sehnaoui challenged companies to actively look for threats before the threats find them.

“Just like information security researchers keep looking for new vulnerabilities and exploits, organizations should keep challenging themselves proactively instead of just waiting to react to a problem,” he said. “Often, it is then too late and the harm has been done. Organizations should get started by raising the level of awareness inside the working environment, as the human element is always the greatest threat.”


Risk-Based Threat Analytics

Shahid Shah, cybersecurity and risk management expert, agreed with Stasio on the subject of threat hunting and hunt analysis as a growing initiative.

“We’ve had reactive security, where people respond to breaches after they occur, since the beginning of the computer security era,” he said. “Easy defensive proactive measures that focus on making sure that firewalls and data loss prevention (DLP) tools can stop the obvious breaches before they occur have also been around for a while.”

Hunt analysis, Shah explained, focuses on risk-based user behavior analytics (RbUBA), risk-based user roles analytics (RbURA) and risk-based, attribute-based user analytics (RbABUA), among many other preventative functions tied to specific risks.

“A cybersecurity group that has risk-agnostic defensive proactive measures in place will be considered a ‘table stakes’ organization, but one that focuses on risk-based offensive hunt analysis will be seen as truly innovative, catch more insider threats before they occur and prevent many external breaches from occurring in the first place,” Shah said.

Think Like a Cybercriminal

Michael A. Goedeker, CEO and founder of HAKDEFNET, said he believes threat hunting can benefit both proactive and reactive security strategies.

“Obtaining information about threats and risks is crucial to any successful security team’s training and defense posture because it raises awareness and teaches security professionals to hunt and use the same or similar skills as attackers would,” Goedeker explained. “Being familiar with the attacker’s mindset and way of doing things makes one better at detecting new threats and defending against them in a timely manner.”

Start Threat Hunting Today

Cyberthreats are like diseases attacking the core of the world as we know it. Just as we proactively check for ailments and take measures to protect against those to which we are genetically predisposed, governments and corporations alike must take the same approach with cyberthreats.

Has your organization started threat hunting? Learn how you can add threat hunting to your cyberdefense strategy.
