By Kris Lovejoy
March 17, 2017
In today’s threat landscape you either hunt or you’re hunted. As organizations around the world are dealing with the sophistication of today’s hackers, they are recognizing that proactive approaches are needed to address advanced cyber threats. In many cases, they are turning to new concepts like cyber hunting.
Cyber hunting is a term that many individuals in the security industry are still trying to understand. Some organizations are taking the necessary steps to proactively hunt for cyber adversaries, seeking out indicators and remnants of malicious activity in order to protect the “crown jewels” of their organizations. While the perception currently is that cyber hunters are uniquely skilled analysts with a sixth sense for finding relevant threats, the reality is that technology has significantly simplified a process that used to be manual and extremely time-consuming.
Today cyber hunting is available to the masses, thanks to technologies such as machine learning, which make it much easier for organizations to spin up teams to proactively pursue advanced persistent threats.
Threat actors and malware authors are becoming creative and have had many years to develop strategies to defeat today’s most common detection techniques. The evidence of their success is widely known, and new approaches, such as supervised machine learning, are essential if network security operators are to reduce the risk of costly data breaches and the resultant forensic investigations and eradicate/mitigate/restore activities.
For the ordinary enterprise, the hunt needs to begin before assets are even compromised. As threats continue to sidestep traditional approaches, organizations need to leverage machine learning detection engines to help focus hunting activities around promising leads. With such an approach, organizations can scale analyst capabilities, automate second-stage content analysis, collect network metadata, and correlate events to rapidly assess each lead. As leads are evaluated by the operator, the machine learning algorithms are retrained on those verdicts, learning from mistakes as well as successes. Once machine learning begins within a particular environment, defenses begin to evolve. What was once an approach available only to elite analysts can now be scaled to the enterprise.
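The feedback loop described above (a supervised model scores leads built from network metadata, analysts review the top-ranked ones, and their verdicts are fed back to retrain the model) can be sketched in a few dozen lines. The following is an added illustration written for this article, not BluVector's or any vendor's code: the feature names, the seed labels, the hosts and the verdicts are all constructed, and the model is a plain logistic regression trained by stochastic gradient descent from the standard library only.

```python
"""Lead triage loop for a hunt team (added example, constructed data).

A small supervised model scores leads derived from network metadata,
the analyst reviews the top-ranked leads, and each verdict becomes a
labelled row that the model is retrained on.  Standard library only.
"""
import math

# Hypothetical per-host, per-day network-metadata features.
FEATURES = ("bytes_out_mb", "distinct_dsts", "beacon_regularity", "rare_ua")

# Constructed seed labels (not real telemetry). 1 = confirmed malicious,
# 0 = reviewed and found benign.
SEED_ROWS = [
    ({"bytes_out_mb": 40.0, "distinct_dsts": 2, "beacon_regularity": 0.95, "rare_ua": 1}, 1),
    ({"bytes_out_mb": 12.0, "distinct_dsts": 1, "beacon_regularity": 0.90, "rare_ua": 1}, 1),
    ({"bytes_out_mb": 25.0, "distinct_dsts": 4, "beacon_regularity": 0.80, "rare_ua": 0}, 1),
    ({"bytes_out_mb": 30.0, "distinct_dsts": 2, "beacon_regularity": 0.85, "rare_ua": 1}, 1),
    ({"bytes_out_mb": 0.5, "distinct_dsts": 30, "beacon_regularity": 0.10, "rare_ua": 0}, 0),
    ({"bytes_out_mb": 2.0, "distinct_dsts": 15, "beacon_regularity": 0.20, "rare_ua": 0}, 0),
    ({"bytes_out_mb": 1.0, "distinct_dsts": 40, "beacon_regularity": 0.05, "rare_ua": 0}, 0),
    ({"bytes_out_mb": 3.0, "distinct_dsts": 20, "beacon_regularity": 0.30, "rare_ua": 1}, 0),
]

# Constructed leads awaiting triage (hypothetical host names).
LEADS = {
    "host-a": {"bytes_out_mb": 35.0, "distinct_dsts": 2, "beacon_regularity": 0.90, "rare_ua": 1},
    "host-b": {"bytes_out_mb": 1.0, "distinct_dsts": 25, "beacon_regularity": 0.10, "rare_ua": 0},
    "host-c": {"bytes_out_mb": 8.0, "distinct_dsts": 5, "beacon_regularity": 0.60, "rare_ua": 1},
}


def _sigmoid(z):
    z = max(-60.0, min(60.0, z))  # clamp so exp() cannot overflow
    return 1.0 / (1.0 + math.exp(-z))


def _fit_scale(rows):
    """Per-feature min/max from the labelled rows, used for min-max scaling."""
    return {f: (min(x[f] for x, _ in rows), max(x[f] for x, _ in rows)) for f in FEATURES}


def _norm(x, scale):
    # Values outside the seed range extrapolate linearly; that is acceptable here.
    return {f: ((x[f] - lo) / (hi - lo) if hi > lo else 0.0) for f, (lo, hi) in scale.items()}


def new_model(rows):
    return {"w": {f: 0.0 for f in FEATURES}, "b": 0.0, "scale": _fit_scale(rows)}


def score(model, x):
    """Probability that lead x is malicious under the current model."""
    xn = _norm(x, model["scale"])
    z = model["b"] + sum(model["w"][f] * xn[f] for f in FEATURES)
    return _sigmoid(z)


def train(model, rows, epochs=300, lr=0.5):
    """Plain SGD on the logistic loss, continuing from the current weights."""
    for _ in range(epochs):
        for x, y in rows:
            xn = _norm(x, model["scale"])
            err = score(model, x) - y
            for f in FEATURES:
                model["w"][f] -= lr * err * xn[f]
            model["b"] -= lr * err
    return model


def rank_leads(model, leads):
    """Leads sorted by score, highest first: the analyst's work queue."""
    return sorted(((h, score(model, x)) for h, x in leads.items()), key=lambda t: -t[1])


def apply_feedback(model, history, verdicts, leads):
    """Analyst verdicts ({host: label}) become labelled rows; the model is retrained."""
    for host, label in verdicts.items():
        history.append((leads[host], label))
    return train(model, history, epochs=100)


if __name__ == "__main__":
    history = list(SEED_ROWS)
    model = train(new_model(history), history)
    for host, s in rank_leads(model, LEADS):
        print(f"{host}: {s:.2f}")
    # Analyst reviews host-c and finds a legitimate backup agent: label it benign.
    model = apply_feedback(model, history, {"host-c": 0}, LEADS)
    print(f"host-c after feedback: {score(model, LEADS['host-c']):.2f}")
```

The point of the loop is the last step: a verdict on one lead is not just closed out, it is pushed back into the training set, so a benign-but-noisy host like the constructed "host-c" stops surfacing at the top of the queue on the next pass, and the analyst's time is spent on leads the model has not yet learned to discount.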
More information on the InfoSec World Conference & Expo in Orlando, April 3-5, is available on the conference site.
About the author: Kris Lovejoy joined Acuity Solution, provider of BluVector, in 2015. She previously served as general manager of IBM’s Security Services Division, charged with development and delivery of managed and professional security services to IBM clients worldwide. In addition, she served as its Global CISO and VP of Information Technology Risk. She will be presenting “Rise of Cyber Hunting: Not Falling Victim to Undetected Breaches” during InfoSec World 2017.