Threat Hunting and EPP – More Important Now than Ever

Sometimes I make a lofty statement and need to defend it. This time I thought it should become a blog post. Below I offer three reasons that Endpoint Protection and Threat Hunting are more important now than ever before. These reasons are based on technological factors, constraints of traditional prevention tools, and how these technologies function once you are breached.

You have less visibility:

More and more network data are encrypted. Choose your source on that; a lot of people have said so. Fun fact about encrypted traffic – your firewall doesn’t get to peek inside, at least not without consequence. Yes, I’m aware many modern firewalls can decrypt SSL sessions – but doing so brings its own set of performance, latency and privacy issues.

So, encryption remains a double-edged sword – it should prevent unauthorized access to your data, but it also prevents tools from accessing and evaluating the data going through your network. That means malicious code can hide inside. This lack of visibility blindfolds your prevention technology because without that visibility there is nothing for it to check known signatures against.

Prevention tools can’t assess behaviour:

Without the ability to evaluate behaviour and its potential impact, processes that could be malicious can go undetected. This is why ransomware is problematic – encrypting information (as we saw above) has to happen on your network, and less often on your endpoints. So, tools that assess signatures can’t just look for encryption – they would yield false positives all the time. A human threat hunter can evaluate whether behaviour is suspicious, for instance whether a given user should be encrypting on a specific machine at a particular time. Considering that attackers are building their weapons with an incubation period, having a threat hunter who can investigate suspicious activity (Read more...)

*** This is a Security Bloggers Network syndicated blog from IntelliGO MDR Blog authored by Perry Kuhnen. Read the original post at: https://www.intelligonetworks.com/blog/threat-hunting-and-epp-more-important-now