As the result of cybersecurity incidents, many organizations have suffered reputational damage and taken a hit on their brand value as a result of a data breach.
To understand what businesses can do differently, Digital Journal caught up with Harjott Atrii, executive vice president and global head of the digital foundation services at Zensar Technologies.
Atrii expands on the cost to businesses: “Cybersecurity breaches are an expensive threats to enterprises. With technology evolving at a super-fast rate, there is a growing need for enterprises to re-imagine security. This is focusing on integrated threat management measures. As I stands, organisations that succeed today are those that continually refine their knowledge of the adversities they face.”
To help readers in the business sector, Atrii outlines a six-step approach for organisations looking to establish a robust Threat Hunting process. These steps are:
Requirement gathering: The objective is to amass the details about the existing cybersecurity controls and compliance needs of the business.
Data collection: The focus here is aggregation, processing and managing of enterprise data. To aid this process, Security Information and Event Management platforms are available. These assist with data collection and they can provide deep insights for further analysis.
Build a hypothesis: Clients tend to out in place an internal hunting team that analyses the collected data to investigate and build a hypothesis. The output is to assess how attacks work, what aspects need to be analysed and then how to curate a threat modelling process.
Threat hunting: Based on the output, threat hunters should be engaged to search for a unique hunting string pertaining to a malicious activity, or with intrusions, anomalous behaviour, unusual port activity or other forms of compromise. Researchers can also scan metadata, using packet-level data to help to reach a definitive conclusion.
Threat investigation and identification: Once the hypothesis has been validated, the following step is to investigate and identify threats. This is undertaken via an Extended Detection and response service. This step deploys solutions like Security Information and Event Management and End point Detection response systems. Such solutions assist in identifying threats without needing to know the attack’s exact signature and detects irregularities in traffic flow. The objective is to sound an alarm prior to a cybersecurity threat happening.
Threat incident response: Cybersecurity experts should be engaged to design an effective response mechanism. This tends to be undertaken using automated security tools, to resolve and mitigate the threat.
