EDR: Commissioner Threat Hunter


People remain the most important factor in preventing and defending against cyber attacks. No security technology can fend off every attack and close every gap, yet many organizations rely primarily on ever more sophisticated defense tools.

But as is so often the case, the attackers are one step ahead of IT security: they know the defense tools inside and out and therefore know every loophole, however small. Technology alone is therefore not enough. It is all the more important that companies position themselves proactively with the help of experts, identify risks in advance and, in an emergency, minimize the damage as quickly as possible. As long as there are human attackers, they must face human defenders. The following four theses show what matters for intelligent IT security and what role the human factor plays.

1. Analyze first, then shop

Most IT security teams grapple with defense technologies and tools before they even know what those tools are supposed to do. This is the wrong approach, because there is no magic bullet for cyber security. Every company has its own risks, gaps and attackers, depending on the industry, the business processes, the technologies in use and the type of data to be protected. Anyone who buys IT security without knowing their specific risks usually has to buy additional software later, which makes the defense ever more complex.

The opposite approach is better: first analyze your own status intelligently, then derive your own risk profile from it. For example, a company that knows it is a target for spear phishing by the APT-40 group should use strong authentication and be able to detect anomalies in how accounts are used. Such controls do more than prevent identity theft: they also reveal when attackers are using compromised credentials.
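As an added illustration that is not part of the Bitdefender article, the following Python example shows one concrete form the anomaly detection mentioned above can take: a small detector that reads successful-login records and flags two patterns typical of stolen credentials, a login from a country the user has never been seen in, and "impossible travel" between two logins. The JSON log format, the field names, the coordinates and the sample log lines are all constructed for this example; a real deployment would feed it IdP or VPN logs and derive the per-user baseline from weeks of history.

```python
# Added example: heuristic detection of compromised-credential use from
# authentication logs. Not code from the Bitdefender article; the log
# format, field names, coordinates and sample lines are all constructed
# for this illustration.
import json
from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt


@dataclass
class Login:
    ts: datetime
    user: str
    ip: str
    country: str
    lat: float
    lon: float


def parse_line(line: str) -> Login:
    """Parse one JSON-encoded successful-login record (constructed format)."""
    rec = json.loads(line)
    return Login(
        ts=datetime.fromisoformat(rec["ts"]).astimezone(timezone.utc),
        user=rec["user"],
        ip=rec["src_ip"],
        country=rec["geo"]["country"],
        lat=float(rec["geo"]["lat"]),
        lon=float(rec["geo"]["lon"]),
    )


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in kilometres between two WGS84 points."""
    earth_radius_km = 6371.0
    dphi = radians(lat2 - lat1)
    dlam = radians(lon2 - lon1)
    h = sin(dphi / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlam / 2) ** 2
    return 2 * earth_radius_km * asin(sqrt(h))


def analyze(lines, baseline, max_speed_kmh: float = 900.0):
    """Return alerts as (user, reason, detail) tuples, in time order.

    baseline maps each user to the set of countries they normally log in
    from (here given directly; in practice learned from history).
    max_speed_kmh is the fastest plausible travel speed: anything faster
    between two successful logins means two different actors hold the
    credentials.
    """
    seen = {user: set(countries) for user, countries in baseline.items()}
    last_login = {}
    alerts = []
    for login in sorted(map(parse_line, lines), key=lambda lg: lg.ts):
        known = seen.setdefault(login.user, set())
        if login.country not in known:
            alerts.append((login.user, "new_country", login.country))
            known.add(login.country)  # alert once per new country, not per login
        prev = last_login.get(login.user)
        if prev is not None:
            km = haversine_km(prev.lat, prev.lon, login.lat, login.lon)
            hours = (login.ts - prev.ts).total_seconds() / 3600.0
            # Same-second logins from different places are impossible too,
            # so guard the division instead of skipping that case.
            if km > 0 and (hours == 0 or km / hours > max_speed_kmh):
                alerts.append((login.user, "impossible_travel", f"{prev.country}->{login.country}"))
        last_login[login.user] = login
    return alerts


# Constructed sample: both users normally work from Germany.
BASELINE = {"alice": {"DE"}, "bob": {"DE"}}

SAMPLE_LOG_LINES = [
    '{"ts": "2024-05-06T08:00:00+00:00", "user": "alice", "src_ip": "203.0.113.10", "geo": {"country": "DE", "lat": 50.11, "lon": 8.68}}',
    '{"ts": "2024-05-06T09:30:00+00:00", "user": "alice", "src_ip": "198.51.100.7", "geo": {"country": "US", "lat": 40.71, "lon": -74.01}}',
    '{"ts": "2024-05-06T10:00:00+00:00", "user": "bob", "src_ip": "203.0.113.22", "geo": {"country": "DE", "lat": 50.11, "lon": 8.68}}',
    '{"ts": "2024-05-06T18:00:00+00:00", "user": "bob", "src_ip": "192.0.2.45", "geo": {"country": "FR", "lat": 48.86, "lon": 2.35}}',
]

if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG_LINES, BASELINE):
        print(alert)
```

On the sample data alice's Frankfurt login followed 90 minutes later by a New York login produces both a new-country and an impossible-travel alert, while bob's Paris login eight hours after Frankfurt is only a new country. Both heuristics are deliberately simple; in practice the baseline also covers ASN and device, and the speed threshold is tuned against VPN egress points, which otherwise cause false positives.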

Based on such an intelligent inventory, IT security teams can coordinate the functions of their defense with one another in order to reduce risk. The order is as follows:

  • Intelligent analysis;
  • Identification of risks;
  • Breaking down the necessary defense functions into technical requirements; and
  • Testing a technology platform against these specifications.

2. Proactive and practical intelligence

Daniel Clayton, VP of Global Support and Services at Bitdefender

Chief Information Security Officers (CISOs) can no longer simply react; they have to act in advance. Most decision-makers know the crucial role of intelligent threat analysis. But that analysis must produce insights that can be put into practice operationally if it is to help companies keep up with the attackers.

Such actionable intelligence provides companies with two kinds of information.

  1. Timely information, so that those responsible can react before an external event disrupts the company's processes.
  2. Relevant information, i.e. about events that can actually disrupt processes in the company. One example is intelligence on industry-specific attacks that target a particular technology platform the customer has deployed. In that case countermeasures are necessary and must be practicable.

This intelligence works in both the short term and the long term:

  1. In the short term it supports a company's cyber security tactically and operationally with timely, actionable information. Indicators show how badly systems are compromised and where attacks are imminent.
  2. In the long term it provides forecasts as well as information on threat actors and possible future risks.

Proactive defense prepares companies for current and future events. Being able to defend in this way requires experts, suitable processes and technologies, and none of that can be built up in a hurry. A good defense grows continuously and works for the long term: it understands how the threat landscape changes and builds up the skills needed to minimize the effects.

3. Think like an attacker - threat hunting

There is more than enough evidence that security platforms ward off many attacks but never prevent everything. The attackers know the defense tools as well as IT security itself does, and they have turned social engineering and phishing into an art form for stealing login data and gaining access to systems.

It is therefore all the more important that human analysts keep watch. Humans are and will remain irreplaceable. But today's tasks define a particular requirement profile for the defenders and for their threat hunting:

  • Analysts need to think like the attacker.
  • Thanks to experience and intuition, they know where to look for the attacker's actions and what to look for.
  • They can play through in real time what the attacker will do next and how that can be prevented.
  • Trained and experienced analysts use the information from telemetry and are always up to date.
  • They think and act like a secret agent who puts himself in the enemy's shoes, not like a security technician.

4. People instead of automatisms

Many organizations have neither the technology nor the specialists to carry out such threat hunting in their own IT, to proactively ward off intruders and to prevent incidents. They should therefore turn to a cyber security provider, and that is the right step. But only services backed by people create added value, because threat hunting cannot be automated.

A deep analysis depends on experienced people and their intuition, not just on the technology. This is not a matter of automatic processes; it means consciously and proactively searching for threats, taking a targeted look and deciding the next steps carefully. Professional teams in a security operations center can offer this. Managed Detection and Response (MDR) brings the human factor into play to protect against complex, customer- and industry-specific attacks.


More on this at Bitdefender.com

About Bitdefender

Bitdefender is a leading global provider of cybersecurity solutions and antivirus software, protecting over 500 million systems in more than 150 countries. Since it was founded in 2001, the company's innovations have consistently delivered excellent security products and intelligent protection for devices, networks and cloud services for private customers and companies. As the supplier of choice, Bitdefender technology is found in 38 percent of security solutions deployed around the world and is trusted and recognized by industry experts, manufacturers and customers alike. www.bitdefender.de
