Cyber Security Threats: Still Stronger Than Before
It’s no secret that expecting security controls to block every infection vector is unrealistic. For most organizations, the chances are very high that threats have already penetrated their defenses and are lurking in their network. Pinpointing such threats quickly is essential, but traditional approaches to finding these needles in the haystack often fall short.
Now there is a unique opportunity for more feasible, more effective threat hunting capabilities, and it stems from a most unusual effort: rethinking the approach to wide area networking.
The simple fact is that infection vectors change rapidly and continuously. Attackers use new delivery methods, everything from social engineering to zero-day exploits, and they are often effective. Unfortunately, most organizations still focus more of their resources on prevention than on detection. The primary tools they deploy today include firewalls, anti-spam, sandboxing, IPS (intrusion prevention systems), intelligence feeds, URL filtering, anti-malware, and anti-bot.
These solutions are designed to sit in front of what is left of the perimeter and block infection attempts. Once a threat slips through the perimeter, however, these tools can neither see it nor stop it.
Threat hunting is on the rise
This has given rise to the notion of “threat hunting,” or the process of proactively searching the network for threats that have evaded existing security measures.
Threat hunting requires a shift to a post-infection mentality and a different set of tools, such as SIEM (security information and event management), EDR (endpoint detection and response) and NDR (network detection and response).
Even with these tools, threat hunting is a challenge for a variety of reasons. For one thing, these solutions are “heavy”: they require some form of data collection, which means installing agents on endpoints, placing hardware on the network, or both.
With new attacks being reported every week, it can seem that the war on cyber crime is an uphill battle that cannot be won. By following best practices and developing your organisation's overall understanding of the risks it faces, however, you can put yourself in a much more secure position. There is no way to make your systems completely impenetrable, but you can make your company less of a target and ensure that you are in the best position to thwart the attacks that may be attempted.