How to Speed Cyberattack Discovery

A cyberattack can devastate its victim. MGM Resorts, for instance, expects to take a $100 million hit from its September cyberattack. What’s less well known is that in many cases a cyberattack can be either prevented or nipped in the bud with the assistance of cyberattack discovery.

Threat actors are becoming increasingly sophisticated and continue to evolve their tactics, techniques, and procedures to evade detection, says Eric Doerr, vice president of engineering for cloud security at Google Cloud in an email interview.

Further, organizations today are overwhelmed by alerts and often don’t know how to prioritize and focus their efforts. “Therefore, the best way for organizations to speed the discovery of a cyberattack is to gain a deep understanding of the threats most likely to impact their specific business,” Doerr advises. “Enriching and contextualizing alerts with the latest threat intelligence helps organizations to eliminate blind spots and ultimately detect threats faster.”

Defense Tactics

A fast and reliable way to identify cyber threats is with proactive threat hunting, which utilizes human defenders armed with advanced detection and proactive response technologies and approaches, says Mike Morris, a Deloitte risk and financial advisory managing director via an email interview. “In particular, threat hunting, during which human defenders actively maneuver through their networks and systems to identify indicators of a network attack and preemptively counter these threats, can speed the discovery of cyberattacks.”

Yet he warns that for threat hunting to function optimally, it’s necessary that specific, relevant, and accurate intelligence is coupled with automation to identify and mitigate the adversary’s activities.

When deploying human-based threat-hunting capabilities, it’s helpful to think about the parallels to physical security leading practices, Morris says. “For example, human security guards, tasked with protecting critical assets, constantly inspect physical infrastructures and maintain the integrity of their responsible spaces by actively patrolling and investigating,” he explains. “The less static, routine, and predictable a defensive team is, the harder it is for attackers to anticipate defenders’ actions.”

You need to constantly tune and refine your detection and alerting tools, says Joseph Perry, a senior consultant and advanced services lead at MorganFranklin Consulting in an email interview. Regular audits of your security controls, constant feedback from your security operations center regarding false positive rates, regular assessments, and a healthy, prioritized backlogging process are all critical, he notes.

Read the rest of this article on InformationWeek.

Related articles: