August 2023 Volume 5
OPERATIONS & MANAGEMENT
Cybersecurity Vantage Point: People Prevail Over Too Many Tools
Another cybersecurity tool will not get you out of a jam, only experienced people will.
By Chuck Matthews

If your firm is trying to resolve cybersecurity concerns by purchasing yet another security tool promising “complete protection”, let me save you some time and money. I have consistently observed organizations of all sizes and of all industries fail to close security gaps without experienced professionals who can properly configure and utilize cybersecurity tools. Instead, focus efforts on ensuring access to talented, experienced professionals to both proactively threat hunt and to call on to immediately respond to risks and threats. Gone are the days of waiting for an attack before acting. Consider this alarming fact: a typical threat actor today can establish a presence and move laterally to their objective in less than two hours after gaining entry to your network. By the time most organizations mobilize a response, the enemy will have already achieved their objective, resulting in failure.

Proactively Threat Hunt

Imagine a battlefield scenario where you establish and monitor the perimeter of your base while dispatching patrols to preemptively search for signs of the enemy. These tactical patrols look out for the enemy, assess their strength and determine what approaches the enemy could be planning before they can attack your camp. If a patrol sees an open gate while they’re out, they’ll secure it. Insights from the patrols in the field will help your side be better prepared, strategically allocate resources, or even interdict the attack, thereby denying the enemy any chance of success. Listening posts (LPs) are also established to detect and observe enemy movements in the field. If an LP detects enemy movement, patrols are sent out to investigate and report their findings. If the patrol engages the enemy, it may scare them off; all the better. The enemy will then be forced to move on to an easier target or give up altogether.

Just like the squads on patrol, a talented team of cyber threat hunters actively seeks out risks and early indicators of threats before adversaries can achieve their objectives. Network sensors act as listening posts in your network, providing valuable intelligence to hunters. Our hunters don’t wait for alerts. Deploying an experienced team of threat hunters can dramatically improve the likelihood of a positive outcome.

As you can imagine, not all threat hunting is the same. Sending an inexperienced squad to patrol the perimeter could be disastrous. If someone claims that a cyber newbie scanning for indicators of compromise is threat hunting, they are sorely mistaken. Genuine threat hunters leverage their battlefield knowledge and formulate hypotheses on possible enemy behavior directed at your network. When they hunt, they’re proactively looking for risks and threats that may give the enemy safe harbor and eliminate them promptly. If they come across something misconfigured along the way, they also secure it.
FIA MAGAZINE | AUGUST 2023 38