Sage Advice - Cybersecurity Blog

When it comes to cybersecurity, organizations are moving away from prevention-only approaches, and focusing more on detection and response. The shift to this approach "spans people, process and technology elements and will drive a majority of security market growth over the next five years.,” says Gartner’s principal research analyst, Sid Deshpande.  Of course it doesn’t mean that prevention techniques aren’t still an important part of your security program. But it “sends a clear message that prevention is futile unless it is tied into a detection and response capability.”

It’s generally accepted that the best defense is a good offense. In cybersecurity terms that means taking a more proactive approach to catching our cyber adversaries. Cyber threat hunting is an effective method for searching your network for malware and other threats that have evaded traditional security defenses. To be a successful threat hunter it’s important to understand the adversaries we’re facing, as well as the tricks and techniques they use. Let's take a look at a few.

Hackers are people, so when threat hunting, it’s important to think like they do. You need to understand the tricks and techniques that are commonly used. This intellectual capital can provide mature threat hunters with an advantage as they share common skills and traits with their unethical counterparts. 

As the number of successful cyber-attacks continues to soar, it's time to take a proactive stance to detect them. You can’t simply sit back and wait for an automated alert to let you know you’ve been breached. You need to actively seek out potentially malicious behavior on your network. Hunting down indicators of attack, so you can detect and contain an incident as quickly as possible.

Cybercriminals have a variety of tools and techniques in their bag of tricks. In order to go about their business undetected though, their tools are constantly changing. It seems once the good guys figure out how to defend against one type of attack, they’ve already moved on to the next type. This year, fileless malware (also called non-malware) is making headlines as one of the latest up-and-coming infection techniques.

In order to keep up with the deluge of new cyber threats and malware attacks, cyber threat hunting is becoming more popular. Cybercriminals continue to get more adept at using techniques and building tools that make it extremely difficult for traditional signature-based technologies to detect them. So difficult in fact, that it’s fairly common for an organization to not know an intrusion has occurred for days, weeks, or even months.

As Ransomware attacks continue to escalate in scale and scope, it is more important than ever to be able to defend your organization against this type of cyber attack. Especially when it comes to preparing your incident response protocols. Preparation and practice are the secrets to success. So, if you are comprised, you can recover quickly with little or no damage… and without having to pay a ransom. 

Here’s how you can ensure that your organization is ready to confidently respond to, and survive, a ransomware attack.

By joining forces to collaborate and share information, we stand a far better chance of beating back the bad guys. With threats continuously evolving, this is an on-going and time-consuming responsibility. And if you’re not able to keep up-to-date with the latest threat intelligence, your network could be vulnerable.

It’s no secret that managing your firewall is an essential component of defending your network. Keeping up with the latest threats, plus deploying, upgrading, patching is no small or easy task. That’s why some organizations choose to contract with a third-party to manage, and monitor, their firewall.