With sophisticated data breaches on the rise, a new report from Fidelis Cybersecurity suggests a key to solving the issue is threat hunting and detection. Of the 582 security professionals surveyed for the report, "The State of Threat Detection Report 2018," 63% said they do not currently employ threat hunting or do not know if they do.
In this article, Fidelis president and CEO Nick Lantuh explains why more organizations should embrace the threat hunting process as part of their cybersecurity strategy and shares threat hunting best practices. Lantuh also explains why machine learning has become an important component of the threat hunting process.
Editor's note: The following has been edited for clarity and length.
What are some threat hunting best practices? What role does machine learning play in the threat hunting process?
Nick Lantuh: Threat hunting has already become crucial for the very advanced and sophisticated organizations. The ability to collect, mine [and] extract your metadata is going to become a core pillar of an organization's security strategy.
Organizations need to make sure that threat hunters are not just confined to one area -- they should span across multiple disciplines. You can't just have threat hunters in your incident response environment. They're part of our incident response teams, product management team, threat research team, development team, data sciences team. We have them really spread across the company.
But threat hunting is not a skill set that is readily available. When you really look at the number of true threat hunters that are out there, it's a very, very limited set.
Machine learning is an important component of threat hunting because that's part of taking steps down the path to automate and make things easier, especially when you're dealing with and confronted with very large data sets that are never-ending and expanding. It's a way for machines to assist humans in doing this.
But, at the end of the day, the human aspect of the threat hunting process will really never go away because there are just certain complexities and nuances that machines just simply can't model and make into an equation.
When it comes to threat hunting best practices, it goes back to having full visibility. It goes back to having the ability to monitor all your ports and all your protocols -- the ability to collect all of the traffic and all the endpoint activity because, without it, there are blind spots.
I'd say that paramount to proper threat hunting processes is first having a platform that has the ability to collect all of that, to aggregate it, to orchestrate and to automate it -- to be able to provide that automated type of platform. Then, it's cultivating and having the right kind of people.
At the end of the day, it's not just about technology; it's about a combination of technology, processes and great people that put eyeballs on the problem.