
A common fallacy in the world of Cybersecurity is that simply adding various types of Security Technologies to the lines of defense of a business or a corporation will mean greater levels of protection.

While in theory this may be true, reality often dictates the opposite. For example, by simply deploying various Security tools, you are actually increasing the attack surface for the Cyberattacker.

A CIO or a CISO may think that deploying ten firewalls is better than just having one in place. With this thinking, they have given the Cyberattacker nine more avenues in which to attack the vulnerabilities and weaknesses of the IT Infrastructure.

Instead, it is far better to spend the critical financial resources on just two firewalls, making sure that they are strategically placed where they will be the most effective.

This mindset of determining where Security Assets need to be placed is actually a very proactive one. The primary reason for this is that CIOs/CISOs and their IT Security staff are taking the time to discover what areas are most at risk in their organization, as well as what tools will be most effective and where, rather than spending money in a haphazard fashion.

In fact, this preemptive way of thinking needs to be extended to the world of Threat Hunting as well. Here, the IT Security staff use various kinds of methodologies and tools to scope out and mitigate the risks of any Cyberthreats that are lurking within their IT Infrastructure.

Being successful at doing this on a daily basis requires the CIO/CISO and their IT Security staff to go above and beyond the proverbial “extra mile”. How this can be achieved is reviewed in this series of blogs.

A Formal Definition of Proactive Threat Hunting

A formal definition of proactive based Threat Hunting is as follows:

“[It] is the process of proactively searching through networks or datasets to detect and respond to advanced cyberthreats that evade traditional rule- or signature-based security controls. Threat hunting combines the use of threat intelligence, analytics, and automated security tools with human intelligence, experience and skills.”

(SOURCE:  1)

In other words, there are two subcomponents of this definition:

  • Being proactive in any type of Threat Hunting exercise means that the CIO/CISO has to break away from conventional ways of thinking and have the ability to “think out of the box”. For instance, what works in one situation more than likely will not work in another, because the Cyberthreat landscape changes on a very dynamic basis.
  • Being proactive doesn’t simply involve the use of the latest and most sophisticated Threat Hunting tools. Rather, it takes not only that, but also the use of reliable information and data, as well as deep motivational levels, experience, and technical know-how from the IT Security staff.

This process can be diagrammed as follows:

  1. Intelligence
  2. Metrics
  3. Technical Know-How
  4. Tools
  5. People
  6. Visibility

(SOURCE: 1)

Despite the importance of Threat Hunting in Cybersecurity today, not many businesses and corporations are implementing it, as shown by these statistics from a recent survey in which 306 organizations were polled:

  • Only 27% of the respondents actually had a well-defined Threat Hunting methodology and were actually utilizing it;
  • Only 45% of the respondents had a formal plan in place in order to launch and execute a specific Threat Hunting exercise.

(SOURCE: 2)

  • 88% of businesses feel that their existing Threat Hunting approaches need to be greatly improved;
  • 56% of organizations feel that conducting a Threat Hunting exercise with their own resources (or “in-house”) takes too long and consumes resources from carrying out other IT Security related duties;
  • 53% of organizations feel that their Threat Hunting methodologies and activities are actually “tipping off” Cyberattackers.

(SOURCE:  3)

Why are businesses and corporations not taking a proactive approach to Threat Hunting?  The following reasons are cited:

  • The use of different tools can make Threat Hunting a very time-consuming proposition;
  • The collection of information and data can be a very labor-intensive process which requires third-party involvement and verification;
  • There is not enough time to conduct proactive Threat Hunting exercises because the IT Security staff has to respond to so many false alarms that are sounded off on a daily basis;
  • Because of the enormous time constraints that are involved, only about 1% of all Security Alerts are actually probed into and further examined (SOURCE:  4);
  • Threat Hunting can be a huge financial drain;
  • Threat Hunting requires a very special kind of mindset – recruiting candidates for this specific talent can be very difficult.

Despite these obstacles, proactive Threat Hunting is still a much-needed function for every business and corporation and is a process that can be achieved.

Conclusions

In our next blog, we examine how your IT Security staff can actually initiate the Threat Hunting process and the various components that are involved with it.

Sources

1)    “Proactive Threat Hunting Combining the Use … – Raytheon.com.” Raytheon, www.raytheon.com/sites/default/files/cyber/rtnwcm/groups/iis/documents/content/proactive-hunting-datasheet.pdf.

2)    “Proactive Threat Hunting: Taking the Fight to the Enemy.” Dark Reading, www.darkreading.com/partner-perspectives/juniper/proactive-threat-hunting-taking-the-fight-to-the-enemy-/a/d-id/1331084.

3)    “Global Threat Report – Go.crowdstrike.com.” CrowdStrike, go.crowdstrike.com/rs/281-OBQ-266/images/Report2018GlobalThreatReport.pdf.

33 thoughts on “Threat Hunting: Being Proactive – Part 1”

  1. Proactive threat hunting is a must for every company. Trying to detect a cyber attack before it happens greatly protects the company… Spot on

  2. It is really a must to be more secure with the IT service. Having a full and proper cyber security training will help the company with its deal, for its proactive threat hunting.

  3. BeStructured really has the great IT Services. I’ve heard this proactive threat hunting and it is perfect.

  4. As they say, prevention is better than cure. That is why security measures are in play. However, being proactive will really depend on the people utilizing it. With that said, computer training is vital and should be placed in the mix.

  5. I can’t see why threat hunting isn’t good. A company should invest in computer training if not yet utilized.

  6. Being proactive is one of the qualities needed in cyber security training. Without that, things go haywire and the business data might be in danger. This is a service that needs utmost protection.

  7. You definitely need IT support from an experienced IT company. I also love the idea of thinking outside the box, for cyber-threats.

  8. For any business owner to be able to identify and use the latest and sophisticated IT security tools, they need a company that will provide IT services suitable for that specific company. So much to learn here.

  9. It will take a lot of understanding for my companies to move away from the conventional way of thinking in terms of cyber security. That’s why IT Outsourcing is important, because tech gurus will help you get away from this.

  10. The Los Angeles Computer Company is definitely doing their job. I’m amazed at how they do it. Hope it continues in the future!

  11. Definitely people shouldn’t relent in going for threat hunting and they should be proactive about it. This Los Angeles Computer Company can readily be of help.

  12. When IT outsourcing it’s good practice to find out the methods whoever you are contracting will use to fight cyber threats. Proactive threat hunting is a very attractive proposition.

  13. Proactive threat hunting should be emphasized more in IT consulting. It’s a practice that more and more companies should pick up.

  14. It’s a pity not many companies have embraced proactive threat hunting. With so many Los Angeles IT consulting firms this shouldn’t be the case at all.

  15. This is one of the services provided by the leading Los Angeles MSP Be Structured. Thanks a lot for being a market leader in this.

  16. The importance of proactive threat hunting should be emphasized more in IT consulting. A lot of companies haven’t adopted this mainly due to lack of information.

  17. Even though it’s labor intensive, it sounds like Threat Hunting is IT Outsourcing at its best. I think the long term results outweigh the initial struggles of recruiting and building infrastructure. Thanks for the informative article.

  18. Whether it is a computer company or whatever, threat hunting is a must, both physical and digital. Being in the digital age has a lot of risk.

  19. What good news that there’s a Los Angeles MSP in the Be Structured that can provide all our concerns in security. Thanks for sharing this very informative article.

  20. IT Outsourcing can be vital in this as well. As they say the more heads the better. In particular on the security side of things or in this case proactive.

  21. In addition to this, computer training is also necessary to be well prepared for threats. Its importance cannot be overlooked.

  22. A crucial part of the IT support also involves staging mock attacks to see how strong the system is. It’s always good to test it out.

  23. Threat hunting is one IT service that everyone or every company should employ to avoid risk in business. I definitely agree with the points raised in this blog.

  24. Whenever doing IT outsourcing it’s good practice to be sure that whoever is handling your IT needs employs these methods in securing you against cyber attacks. They are industry proven methods that actually work.

  25. It’s very true as pointed out in the article that many companies will think that their IT services are secure by having more firewalls instead of a few that are actually effective. I quite like the latter approach.

  26. In my opinion a proactive organization should invest in computer training for its staff so that they can internally be able to deal with threats before looking for outside help. Sometimes fast action is the key to successfully dealing with a cyber attack.

  27. The approach explained here should be adopted by people to cheat cyber attacks. Better still, consult with this Los Angeles IT Support to get immediate help if the need arises.

  28. Thanks for sharing this article, I can see why many people look to Los Angeles IT Services to keep their business safe by using security technologies and prevent hackers and threats.

  29. This sounds like Los Angeles IT Outsourcing at its finest for substantial, long lasting protection. I think it’s worth familiarizing yourself with this software even if it’s time consuming. I would love to see the stats rise up for Threat Hunting because of its expert intelligence and analytics.

  30. I agree, but what threats exactly? Viruses? Hacking? In any case it makes Los Angeles IT Service a lot more reliable and I love that. The tighter the security the better.

  31. The very reason why Los Angeles IT consulting is above their game is by providing counter measures to cybersecurity by threat hunting proactively.

  32. Determining the threats that may be done internally but sometimes it can be baffling. There is indeed a need to get professional opinion and IT outsourcing can do the trick.
