As the federal government investigates the email leak from the Democratic National Convention, it is increasingly important for companies to develop proactive cybersecurity policies, such as cyber threat hunting. According to a recent SANS Institute report, 74 percent of companies engaged in threat hunting have reduced the potential for attack.
The report, Threat Hunting: Open Season on the Adversary, defines cyber threat hunting as tracking and eliminating cyber adversaries from a network as early as possible. Early detection also allows government agencies and private companies to minimize the damage of a potential system compromise.
David Bianco, lead security technologist at Sqrrl, told Homeland Security Today, “If you are worried about human advanced targeted attacks, and you’re not doing threat hunting you’re probably not going to be successful in finding those hacks. Let alone defending yourself against them.”
Sqrrl, a security analytics company that works to provide cybersecurity to government agencies, researches cyber threat hunting, behavioral analytics and incident investigations. Sqrrl currently works with DLT Solutions, an information technology (IT) solution provider, to aid government agencies in cybersecurity.
Bianco said organizations are becoming increasingly interested in threat hunting techniques since companies are still facing cyber threats, despite being engaged in automated threat detection for years.
“Even though the automated solutions have a very important place in overall detection programs, pitting automated solutions against crafty, experienced hackers, is kind of setting them up to fail,” Bianco said. “They need some more flexible human interaction in the detection process in order to counteract the flexible human adversaries that we’re being asked to detect.”
The SANS report emphasizes utilizing automated resources to complete time-consuming tasks and combining them with human staff for analysis-based research. As Homeland Security Today recently reported, the mass adoption of security software is allowing hackers to compromise larger companies at once.
As hackers become more familiar with security software in place they are able to expand their reach.
“For as long as there has been a security industry, the security industry vendors have been telling customers, ‘you just buy our tools and we will solve all your problems.’ and many of the customers have been believing them,” Bianco said. “And now we are finding that that is not the case, you cannot just plug in an automatic tool that gives perfect protection.”
The SANS research study found that 52 percent of companies with threat hunting policies indicated a reduced risk in cyber threats.
SANS measured data from respondents in government, as well as the technology, education and financial industries. Financial institutions in particular are often the target of cyber attacks because of the large amount of confidential information that is considered high-value.
“Whether you’re a private company or not, the larger your organization is the more likely you are to be at risk for targeted attacks,” Bianco said.
Threat detection requires companies integrate policy, staff and technology to prevent cyberattacks. The SANS report outlines the importance of threat hunting in reducing the amount of time a system is compromised by a cyberattack.
Ely Kahn, co-founder at Sqrrl, told Homeland Security Today adversaries are often present in a system for over two hundred days before they are found. Kahn said companies are forced to amp up their cybersecurity efforts because of the potential for economic damage, financial loss and public accountability–all of which can be harmed because of a cyberattack or data breach.
“Their other options are clearly not doing the job,” Kahn said in reference to companies utilizing alternate strategies without threat hunting. “[Companies] need to take a more proactive approach to go out and specifically look for threats that have evaded their other defenses.”
