This free excerpt from the new book Building an Effective Cybersecurity Program, 2nd Edition, by Tari Schreider C|CISO, CRISC, ITIL® Foundation, MCRP, SSCP will help you to begin Building YOUR Cyber Threat, Vulnerability Detection, and Intelligence Capability.
This chapter will help you to:
- Understand the relationship between threats and vulnerabilities.
- Understand how to identify and categorize threats.
- Know how to detect vulnerabilities within your organization.
- View your organization as an attack surface.
Learn more about this book — see Building an Effective Cybersecurity Program 2nd Edition
Here’s a brief sample:
3.2.5 Cyber Threat-Hunting
If you are tired of the suspense of waiting for the bad actors to come to you, consider going to them. A rapidly emerging practice is cyber threat hunting. As the name implies, some organizations have gone on the offensive and have begun to hunt down bad actors, seeking evidence of their malicious activity within their own networks. Threat hunting leverages cyber intelligence, threat analytics, and security information and event management (SIEM) solutions to hunt adversaries. Cyber threat-hunting is “what’s next” for your security operations (SecOps).
A 2016 SANS Institute survey of nearly 500 participants on threat-hunting revealed that nearly 86% of organizations are involved in some form of threat-hunting today, albeit informally. According to the survey author, Dr. Eric Cole, respondents are still figuring out exactly what a threat hunting program should look like, how to attract the right skills, and how to automate their hunting processes.
Rather than focusing on the noise of attacks crashing against the gates of your firewall, hunting focuses on what may already be happening inside your network. Identifying lateral, or east-west, movement of attackers working through your devices to gain access privileges is where the big game is now. Lateral movement occurs behind the firewall, where attackers move sideways from application to server looking for something to compromise that will grant them elevated privileges. In many prominent breaches the attackers had been inside the network for months, if not years, before they were discovered. You must face a reality of life today: hackers or insiders with ill intent may already live behind your firewall, searching your network for vulnerabilities to exploit.
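To make the east-west hunt concrete, here is an added example that is not part of the book excerpt: a small Python hunt over a constructed set of network logon records (the shape of a Windows Event 4624, logon type 3, flattened to timestamp, account, source host, destination host). The hosts, accounts and times are invented. It looks for the pattern the paragraph describes, the same account hopping from one machine to the next, by finding logons where the destination of one hop becomes the source of the next within a time window, and, as a second hunt, accounts that reach an unusual number of distinct hosts in a short interval. In a real program this logic runs as a SIEM query over your own authentication logs; the script only shows the hunt question.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of network logons, flattened to
# "timestamp,account,source_host,dest_host". Invented hosts and accounts.
SAMPLE_LOGONS = """\
2019-06-03T09:00:12,svc_backup,BKUP01,FS01
2019-06-03T09:01:40,jdoe,WS-042,FS01
2019-06-03T09:02:05,jdoe,FS01,SQL02
2019-06-03T09:03:30,jdoe,SQL02,DC01
2019-06-03T10:15:00,asmith,WS-017,FS01
2019-06-03T11:20:00,jdoe,WS-042,PRINT01
"""


def parse_logons(text):
    """Parse the flattened CSV into (timestamp, account, src, dst) tuples, oldest first."""
    rows = []
    for line in text.strip().splitlines():
        ts, account, src, dst = line.split(",")
        rows.append((datetime.fromisoformat(ts), account, src, dst))
    return sorted(rows)


def find_lateral_chains(rows, window=timedelta(minutes=30), min_hops=2):
    """Hunt for east-west movement: the same account logs on from host A to host B,
    then from B to C (and so on) within `window`. A host that is the destination of
    one logon and the source of the next is the hop pattern to look for."""
    by_account = defaultdict(list)
    for ts, acct, src, dst in rows:
        by_account[acct].append((ts, src, dst))

    chains = []
    for acct, events in by_account.items():
        consumed = set()  # events already absorbed into an earlier chain
        for i, (ts0, src0, dst0) in enumerate(events):
            if i in consumed:
                continue
            path, last_dst, last_ts = [src0, dst0], dst0, ts0
            for j in range(i + 1, len(events)):
                ts, src, dst = events[j]
                if j not in consumed and src == last_dst and ts - last_ts <= window:
                    path.append(dst)
                    last_dst, last_ts = dst, ts
                    consumed.add(j)
            if len(path) - 1 >= min_hops:
                chains.append({"account": acct, "path": path,
                               "start": ts0, "end": last_ts})
    return chains


def fan_out(rows, window=timedelta(minutes=30), threshold=3):
    """Second hunt: accounts that reach `threshold` or more distinct hosts inside any
    `window`-long interval (one credential sweeping across the network)."""
    by_account = defaultdict(list)
    for ts, acct, _src, dst in rows:
        by_account[acct].append((ts, dst))
    hits = {}
    for acct, events in by_account.items():
        best = 0
        for i, (ts0, _) in enumerate(events):
            hosts = {dst for ts, dst in events[i:] if ts - ts0 <= window}
            best = max(best, len(hosts))
        if best >= threshold:
            hits[acct] = best
    return hits


if __name__ == "__main__":
    logons = parse_logons(SAMPLE_LOGONS)
    for c in find_lateral_chains(logons):
        print(f"{c['account']}: {' -> '.join(c['path'])} "
              f"({c['start']:%H:%M} to {c['end']:%H:%M})")
    print("fan-out:", fan_out(logons))
```

On the sample data the chain hunt surfaces one account walking WS-042 to FS01 to SQL02 to DC01 in about two minutes, while the backup service account and the other user each touch a single host and stay quiet. The thresholds (window, hop count, fan-out) are where the hunter's judgment goes: a domain administrator or a vulnerability scanner legitimately fans out, so the hunt is a starting point for an analyst, not an alert in itself.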
Did You Know?
In June of 2019, NASA’s Jet Propulsion Laboratory (JPL) was cited by the Inspector General for not implementing a threat hunting program recommended by IT security experts to aggressively pursue abnormal activity on its systems for signs of compromise, relying instead on an ad hoc process to search for intruders. Have you investigated deploying threat hunting?
“A must read for any professional… to build a world class enterprise cyber program …”
“There are a myriad of cybersecurity books available these days. However, none like this. This book is the differentiator.”
“Extremely valuable and clear guidance…”
“…an excellent reference guide of how to practically and pragmatically build a security program..”
“Adopting and applying the characteristics of a journey, Schreider guides the reader through the mileposts of building a cybersecurity program, start to finish. Even so, the book is organized so it can easily be used as a reference guide, providing detailed information for any point along the route. This book includes ample visual graphics to illustrate the complex ideas addressed in the text. These graphical representations help the reader to comprehend and retain the information presented. It should be noted that there are a large number of hyperlinks in this book. Many readers will find a digital copy with active hyperlinks most useful.”
“…a step-by-step guide with practical examples and a true roadmap for anyone who needs to build a cybersecurity program…”
“Schreider provides a detailed and real-world roadmap on how to create an effective information security program. He also brings his practical experience to every chapter, detailing what works and does not, the pros and cons of items suggested and more… heavy on practical guidance.”
You know by now that your company could not survive without the Internet. Not in today’s market. You are either part of the digital economy or reliant upon it. With critical information assets at risk, your company requires a state-of-the-art cybersecurity program. But how do you achieve the best possible program? Tari Schreider, in Building an Effective Cybersecurity Program, 2nd Edition, lays out the step-by-step roadmap to follow as you build or enhance your cybersecurity program.