What started as a thrill is now a punishable cyber crime under the Indian Penal Code -- hacking, that is. In today's world, hackers run the gamut from curiosity seekers to hostile nation-state-sponsored cyber-terrorists. Hackers have morphed from the lone wolf in a hoodie sitting behind a computer into a variety of cyber intruders and perpetrators wearing anything from t-shirts and flip-flops to dark suits.
Today, cybersecurity is top of mind for just about everyone. As former Cisco CEO John Chambers aptly said, "There are two types of companies: those that have been hacked, and those who don't yet know they have been hacked." According to the Data Security Council of India (DSCI), India's cybersecurity market is expected to grow nine-fold to $35 billion by 2025. While international cyber battles are certainly scary and grab the headlines in major daily newspapers, they offer huge potential for security products and services organizations. It is projected that organizations globally will spend $1 trillion on cybersecurity by 2021.
Hackers enjoy the short-lived thrill of a successful cyber-attack, but cybersecurity teams cut those thrills short. These teams do not just protect enterprises from threats; they proactively seek newer strategies and tactics to enhance their ability to find and resolve threats.
For instance, security analysts within the cybersecurity team form a subset known as threat hunters, who exercise one of the most advanced skill sets in information security. Their core skills include security operations, analytics, remediation, attacker methodology, and cyber threat intelligence. The cyber threat hunter's role is becoming increasingly important in the modern enterprise, because the threat hunter understands how the systems work, how attackers think and act, and how to use tools to find them and stop them. Organisations have their weak spots, which sometimes give cyber criminals an easy way in, but the hunter knows where they are likely to strike and lies in wait for them.
What is the scope of threat hunting? The primary objective of threat hunting is asset and information protection through:
- Awareness of systems, networks and exploits.
- Insight into the enterprise applications: how they work, where the valuable data (the "treasures") is, and how the data flows.
- Knowledge of endpoints: how they work and how they are used.
It is important that this knowledge is constantly updated by reviewing the latest trends. With it, threat hunters test new tactics to detect whether attackers are trying these new techniques and, if so, what they look like. A threat hunter understands the layout of the environment and masters the tools used and their configurations. This helps when they venture out on individual campaigns, probing deeper and further than before.
While threat hunting is continuous, it is broken up into individual missions called hunts. A hunt can last from a few hours to several days, depending on the objectives. A hunt ideally has one or more objectives, narrowly focused at times but never too broad. Hunt objectives may include:
- Hunting for specific exploits: A threat hunter may have read about a specific new exploit and will look broadly in the environment for its signs.
- Attacks against specific vulnerabilities: A threat hunter dives into high-value systems with one or more known unpatched vulnerabilities to see whether attackers are attempting to exploit them.
- Attacks against specific high-value targets (HVTs): Here the threat hunter dives deeply into the operation of a specific asset (or a small number of them), learning more about how it operates and looking for signs of reconnaissance or intrusion.
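As an added illustration (not part of the original article), the three objective types above expressed as differently scoped queries over a handful of constructed telemetry events. The host names, source addresses, the inventory of unpatched components and high-value targets, and the indicator string DEMO-EXPLOIT-SIGN are all hypothetical.

```python
from collections import defaultdict

# Constructed sample telemetry as (host, source_ip, event) tuples; not from any real environment.
EVENTS = [
    ("web-01",    "10.0.0.5", "http_request path=/app/login"),
    ("web-02",    "10.0.0.9", "http_request path=/app/export marker=DEMO-EXPLOIT-SIGN"),
    ("db-01",     "10.0.0.9", "port_probe tcp/1433"),
    ("db-01",     "10.0.0.9", "port_probe tcp/3306"),
    ("db-01",     "10.0.0.9", "port_probe tcp/5432"),
    ("db-01",     "10.0.0.5", "port_probe tcp/5432"),
    ("legacy-01", "10.0.0.7", "http_request path=/legacy/upload"),
    ("legacy-01", "10.0.0.5", "http_request path=/legacy/status"),
]

# Hypothetical inventory used to scope the two narrower hunts.
HVTS = {"db-01"}                                   # high-value targets
UNPATCHED = {"legacy-01": "path=/legacy/upload"}   # host -> component with a known, unpatched issue

def hunt_exploit_signs(events, marker):
    """Objective 1: look broadly, across every host, for the sign of one specific exploit."""
    return sorted({host for host, _, ev in events if marker in ev})

def hunt_vuln_attempts(events, unpatched):
    """Objective 2: restrict scope to hosts with a known unpatched component and
    report which sources are reaching for exactly that component."""
    return sorted({(host, src) for host, src, ev in events
                   if host in unpatched and unpatched[host] in ev})

def hunt_hvt_recon(events, hvts, min_ports=3):
    """Objective 3: dig into high-value targets only; one source probing several
    distinct ports on an HVT is treated as a sign of reconnaissance."""
    ports = defaultdict(set)
    for host, src, ev in events:
        if host in hvts and ev.startswith("port_probe "):
            ports[(host, src)].add(ev.split()[1])
    return sorted(key for key, seen in ports.items() if len(seen) >= min_ports)

def run_hunt():
    """One hunt with three objectives, each scoped as the article describes."""
    return {
        "exploit_signs": hunt_exploit_signs(EVENTS, "DEMO-EXPLOIT-SIGN"),
        "vuln_attempts": hunt_vuln_attempts(EVENTS, UNPATCHED),
        "hvt_recon": hunt_hvt_recon(EVENTS, HVTS),
    }

if __name__ == "__main__":
    for objective, hits in run_hunt().items():
        print(objective, hits)
```

The point is the scoping: the first query touches every host, the second only hosts known to be unpatched, and the third only the HVTs, which is what keeps a hunt focused without making it too broad.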
While cyber punks get a thrill from successful hacks, threat hunters cut their excitement short by proactively finding and preventing new attack techniques. It is time we put the cyber criminals on the defensive.
“Happy Hunger Games! And may the odds be ever in your favour.” – Suzanne Collins from the movie “The Hunger Games”