Virtualization Technology News and Information
Battling the Unknown: Leveraging Managed Threat Hunting to Uncover Invisible Adversaries


By Randall Richard, Head of Enterprise Sales, Kaspersky North America

2020 changed the cybersecurity landscape on two fronts: volume and supply chain complexities. 

Attack surfaces expanded and softened as employees migrated off well-protected corporate networks and logged on from home. As a result, the number of incidents and the money cyber criminals made from exploits like ransomware skyrocketed, growing 311% to $350M.

Last year also brought to light the devastation of supply chain attacks with the news regarding the SolarWinds breach.

Even with top-notch solutions in place, organizations must always be at the top of their game, since the simplest of security oversights can be exploited at any time. And with threat actors reinvesting in new tools and techniques, organizations will continue to face an increase in attacks that are very difficult to detect because they have never been seen before.

So how can an organization uncover invisible cyber threats and protect itself from the unknown?

Know your place on the most wanted list

Having a complete understanding of where your organization stacks up in terms of its security posture can fundamentally change how you assess risk and reframe the way you think about threat intelligence.

A basic rule of thumb when building out a security framework is to know yourself first by having a thorough understanding of how threat actors view your industry, who they target, how and why. Then it is important to determine where your organization falls on the spectrum and how attractive you might be as a target.

Organizations then need to perform the same exercise for all their clients in order to understand whether threat actors may leverage any of those relationships as a point of vulnerability. This becomes more complex when factoring in the supply chain and the need to break down every piece in order to discuss where vulnerabilities lie. However, it's a necessary step, since being a point of entry for a supply chain attack could have huge reputational consequences for all involved.

Look beyond the machine

A recent Harvard Business Review article discusses how to spot and react to these "Black Swans," emphasizing that the key to uncovering and identifying an unknown risk is real analytics. Tools such as machine learning and automation can help with known threats, but to fight the unknown, the human element is required.

While AI may thrive in stable, predictable environments, the true value and talent of human analysts shine when irregularities occur and their ability to investigate and creatively solve problems comes to the forefront.

Building out internal threat hunting teams to perform such tasks is no small undertaking, especially when budgets are razor thin and there is an acute shortage of qualified talent. So what can be done?

What to consider when selecting a threat hunting service

The best protection against unknown threats for any organization is to incorporate threat hunting into your overall security program. The best way to do that for many organizations is through a managed threat hunting service. Here are three easy steps to take when selecting the threat hunting service that is best for your business:

1. Choose top rated detection: Since the reason a company invests in threat hunting is to find and mitigate threats before the damage is done, select a service that is built on technology with a proven history of uncovering threats that are complex, subtle and previously unseen.

2. Quiet the noise: As organizations gain visibility into their own security environments through Endpoint Detection and Response or the threat landscape through Cyber Threat Intelligence, it can lead to an increase in fear, uncertainty and doubt. Incorporate solutions that leverage automation where possible so that human threat hunters can focus their efforts on anomalies that require a specialized human touch.

3. Pick top talent: Align yourself with an organization that has the expertise needed to assemble the small, quiet anomalies that may seem irrelevant on their own, but when pieced together show a more accurate picture of your company's security posture. Look for an organization that can leverage external intelligence to give context to what it is seeing and can then quickly take action.

While it is becoming more commonplace to think about long-term threats and to understand the risks within a supply chain, it is also important to consider the less obvious factors in the ecosystem, which point to a higher level of responsibility that may be placed on smaller organizations. No organization of any size wants to be the one that gives the bad guys a win.



Randall Richard 

As head of enterprise sales, Kaspersky North America, Randall is responsible for leading the U.S. enterprise sales team while driving business-to-business growth with the Kaspersky United network of trusted channel partners. Randall brings an extensive sales background to his role at Kaspersky with almost a decade of sales management and leadership experience. Prior to joining Kaspersky in 2020, Randall served as a global sales manager at RSA, a computer and network security company focused on encryption and the standards around encryption. In his role, he managed the Fraud and Risk Intelligence Division, ensuring that both customers and team members fully understood all the product had to offer.

Published Friday, March 19, 2021 9:49 AM by David Marshall