Leveraging Managed Threat Hunting

The cybersecurity landscape changed drastically on two fronts in 2020: volume and supply chain complexities.

Attack surfaces expanded and softened as employees migrated off well-protected corporate networks and logged on from home. As a result, the number of incidents and the money cybercriminals made from exploits like ransomware skyrocketed, growing 311% to $350M.

Last year also brought to light the devastation wrought by supply chain attacks with the SolarWinds breach.

Even with top-notch solutions in place, organizations must always be at the top of their game, since the simplest of security oversights can be exploited at any time. And with threat actors reinvesting in new tools and techniques, organizations will continue to face increasing attacks that are very difficult to detect, as they have never been seen before.

So how can an organization uncover the invisible cyberthreats and protect against the unknown?

Know Your Place on the Most-Wanted List

Having a complete understanding of where your organization stacks up in terms of its security posture can fundamentally change how you assess risk and reframe the way you think about threat intelligence.

A basic rule of thumb when building out a security framework is to know yourself first, by thoroughly understanding how threat actors view your industry: who they target, how and why. Then, it is important to determine where your organization falls on that spectrum, and how attractive you might be as a target.

Organizations then need to perform the same exercise for all their clients to understand if threat actors may leverage any of those relationships as a point of vulnerability. This becomes more complex when factoring in the supply chain and the need to break down every piece to discover where vulnerabilities lie. However, it’s a necessary step, since being a point of entry for a supply chain attack could have huge reputational consequences for all involved.

Look Beyond the Machine

A recent Harvard Business Review article discusses how to spot and react to these “black swans,” emphasizing that the key to uncovering and identifying an unknown risk is real analytics. Tools such as machine learning and automation can help with known threats, but to fight the unknown, the human element is required.

While AI may thrive in stable, predictable environments, the true value and talent of human analysts shine when irregularities occur and their ability to investigate and creatively solve problems comes to the forefront.

Building out an internal threat hunting team, or teams, to perform such tasks is no small undertaking, especially when budgets are razor thin and there is an acute shortage of qualified talent. So what can be done?

What to Consider When Selecting a Threat Hunting Service

The best protection against unknown threats for any organization is to incorporate threat hunting into your overall security program. The best way to do that, for many organizations, is through a managed threat hunting service. If you’re considering a managed threat hunting service, here are three easy steps to take when selecting one that’s best for your business:

  1. Choose top-rated detection: Since the reason a company invests in threat hunting is to find and mitigate threats before the damage is done, select a service that is built on technology with a proven history of uncovering threats that are complex, subtle and previously unseen.
  2. Quiet the noise: As organizations gain visibility into their own security environments through endpoint detection and response (EDR) or the threat landscape through cyberthreat intelligence, it can lead to an increase in fear, uncertainty and doubt. Incorporate solutions that leverage automation, where possible, so that human threat hunters can focus their efforts on anomalies that require a specialized human touch.
  3. Pick top talent: Align yourself with an organization that has the expertise needed to notice and call attention to the small, quiet anomalies that may seem irrelevant on their own, but that, when pieced together, show a more accurate picture of your company’s security posture. An organization that can leverage external intelligence to give context to what they are seeing can then quickly take action.

While it is becoming more commonplace to think about long-term threats and understand the risks within a supply chain, it is also important to consider the less-obvious factors that contribute to the ecosystem that speak to a higher level of responsibility placed on smaller organizations. Because no organization, of any size, wants to be the one that gives the bad guys a win.

Randall Richard

Randall Richard is Kaspersky's head of enterprise sales for the U.S. Randall has an extensive sales background with almost a decade of sales management and leadership experience, including at RSA.
