
Industry executives and experts share their predictions for 2018. Read them in this 10th annual VMblog.com series exclusive.
Contributed by Chris Gerritz, Founder of Infocyte
Infocyte Deems 2018 "The Year of the Hunter"
Cyber security predictions from a leader in post-breach threat detection
I'm predicting a more offensive enterprise attitude in 2018. I'm also optimistic that companies now have the means to deny attackers the ability to persist undetected inside the network. A look back at 2017, and at what's ahead for cyber security in 2018, explains why.
Make 'I will be breached' your mantra and prepare for it.
Cybercrime isn't going away, and attackers are only getting more aggressive. In 2018 we will continue to see leaked government cyberespionage tools weaponized by criminals, on top of new zero days. By changing your security mindset and employing techniques like threat hunting, you will be ready for stealthy attacks that make it past your first line of defense. The research indicates that controlling dwell time, the period an intruder or malware remains on the network before it is found, is the key to dramatically reducing business impact. By accepting that you will be breached and putting proactive hunt capabilities in place, you will be able to detect and neutralize threats before they can cause damage.
Compromise Assessments will become increasingly important as malware continues to slip through traditional security defenses.
It's already standard best practice to run vulnerability scans and pen tests, but what about threats that are already in your environment? Compromise Assessments are just as important: they look for malware and APTs that have slipped through defenses and are sitting undetected on your network. Aside from being a best practice, they are becoming increasingly important as new legislation governing security and data privacy is rolled out in 2018, and companies rush to purchase cyber insurance to protect themselves in the event of a breach:
- New requirements will take effect in 2018, including NIST guidance on Information Security Continuous Monitoring in the US and Europe's GDPR, which becomes enforceable in May 2018. Compromise Assessments are a valuable tool for achieving compliance: they provide a mechanism to measure and check that your security controls are actually working, and to quickly address any issue found.
Companies will look to invest in technologies to help triage and investigate security alerts.
Organizations receive an average of 17,000 malware alerts per week; fewer than 20 percent of those are reliable enough to be worth examining, and only 4 percent of all valid alerts are actually investigated. Why? An alert usually requires human review to confirm that it is legitimate, and most organizations simply don't have the resources to investigate every alert or the expertise to recognize advanced threats. Solutions that automatically triage alerts from a SIEM, network or endpoint product, weed out false positives and quickly identify which alerts to escalate will reduce the time and staff needed to comb through volumes of false and low-priority alerts.
About the Author
Chris Gerritz, Founder of Infocyte, the premier threat hunting tool for post-breach detection, is also the former Chief of Defensive Counter Cyberspace Operations for the USAF AFCERT team. Infocyte is the result of Chris' experience hunting adversaries within some of the largest and most targeted defense networks in the world. His experience building the US military's first malware hunting team gives companies an unmatched level of operational expertise and a highly refined perspective on how to tackle current and future security threats.