Business Daily Media

Men's Weekly

.

Threat Hunting after the Holidays

  • Written by Niranjan Jayanand, WatchTower Threat Hunting Manager - Asia Pacific, at SentinelOne

With the holidays approaching, employees around the world are looking forward to taking time off to celebrate with their family and friends. For cybersecurity departments, that often means skeleton crews working shorter hours and responding to high-priority alerts. Threat actors know this, and often use these time periods to sneak malware into a system and leave it latent until the right moment.

This infiltration can easily go unnoticed during this time of year, and the malicious code sitting within the company system may not be exploited for several months. By the time the threat actor is ready to launch their attack, they have everything they need in place to steal data, transfer money to their own accounts, or wreak havoc.

Post-holiday threat-hunting activities can help Australian businesses find these pieces of malware and safely remove them from the network. Threat-hunting activities were recently legislated in Singapore, and we believe it is advisable for all Australian businesses to conduct them.

What is Threat Hunting?

Threat hunting is a proactive effort to search for signs of malicious activities that have evaded security defences within an organisation. Threat hunters are able to uncover hidden threats that may be waiting to execute an attack or find events that have already compromised the environment.

Effective threat hunting helps uncover hidden advanced persistent threats (APTs), cybercrime, policy misuse, insider threats, poor security practices, and environmental vulnerabilities. The activity aims to identify attacks that slipped past your defensive shield.

Meeting Threat Hunting Standards

In most countries in the Asia Pacific, the legislation mandates that organisations should collect and store logs of all attempts to access the company’s network and digital assets, as well as the number of network connection attempts from both within and outside the company. Best practice for cybersecurity hygiene also encourages organisations to collect and store firewall logs, DNS logs, web proxy logs, and NIDS/NIPS logs.

The logs should use a consistent time source, be protected against unauthorised access, and be stored for a minimum period of 12 months. Moreover, it is best if the logs are monitored by a log retention policy with a log file structure that facilitates analysis. These logs should be available for any threat-hunting investigation.

While some legislations in the region only require a threat hunt or a compromise assessment every year or so, organisations would be well served to complete a threat-hunting exercise annually following the holidays. Any cybersecurity risks that are identified during the threat-hunting exercise should be included in cybersecurity risk assessments to ensure that any found threats are assessed, mitigated, and tracked. Additionally, they should investigate those threats to determine whether any incident took place in the past.

Threat Hunting in Practice

While the concept of threat hunting seems reasonable, it is quite challenging to do in practice. Threat hunting across various security technologies and disparate log data is challenging; this is why XDR vendors are able to offer a much more efficient solution to threat hunting. Collected endpoint data includes all network connections, file events, and registry events. This creates a rich hunting ground to proactively identify hidden threats, risks, and vulnerabilities and empower your team to mitigate risks that degrade your security posture proactively.

However, even with access to this vast collection of data, without automation and AI, it is still challenging to hunt effectively without a full-time team of threat intelligence experts, malware reverse engineers, hunters, and investigators. For this reason, cybersecurity vendors offer a threat hunting/compromise assessment service. For example, some cybersecurity vendors provide expert hunters that will leverage their proprietary hunting methodology and intelligence enrichment to hunt your global environment and provide a prioritised roadmap of identified threats and risks with mitigation guidance for every finding.

Benefits of Threat Hunting

Threat hunting allows security teams to proactively get ahead of the latest threats by hunting for malicious activity. It helps to improve a company’s true risk posture and prevent any number of cyber incidents from progressing into full-blown attacks. When threat-hunting activities are complete, they provide confidence and peace of mind to security teams who no longer need to worry about latent threats hiding within the network.

Strengthening Your Security Posture

Threat hunting is an important element in building up an organisation’s security posture. However, for organisations to stay safe, they need to ensure they have the right tools and processes in place to conduct the hunt. Otherwise, they may pass over a threat that is hiding in plain sight.



By Niranjan Jayanand, WatchTower Threat Hunting Manager - Asia Pacific, at SentinelOne

Beyond borders: Building a scalable strategy for international hiring

For many Australian businesses, growth increasingly depends on thinking beyond local borders.  As wage pressures rise, and specialised talent pool...

The Next Generation of Maritime Sustainable Solutions

As organizations globally seek innovative ways to improve sustainability and their impact on Earth, the American Waterways Operators (AWO), a lead...

Demand for Home Batteries surges as Federal Rebate Kicks In

A leading provider of energy solutions VoltX Energy has seen a 400% increase in demand for home batteries in the past three weeks as people put d...

Why Sport Remains the Safest Bet in an Uncertain World

When Rome was in crisis, its leaders did not retreat to the Senate. They went to the circus. To the chariot races. To the gladiators. Sport was no...

THE FINE LINE WITHIN HILARIOUS SIGNAGE DESIGN FAILS

It seems like design failures still occur in today’s modern branding era, despite rigorous rounds of approvals behind the scenes. One signage show...

Deputy Announces Exclusive Global Partnership with Predelo to Bring AI to Shift-Based Businesses

Deputy, the global people platform for shift-based businesses, has announced an exclusive partnership with Predelo, an AI Decision Agent-as-a-Serv...

Sell by LayBy