Three tips for hunting cyber adversaries

By Trend Micro

Dhanya Thakkar, Trend Micro’s Senior Vice President, Asia Pacific, Middle East and Africa, shares how governments can boost threat detection and response.

In threat hunting, time is money. Organisations took an average of 280 days to identify and contain a data breach in 2020, according to a recent IBM report. That cost them a million dollars more than if they had contained the breach in less than 200 days.

Threats are no longer “your run-of-the-mill malware or phishing emails,” says Dhanya Thakkar, Trend Micro’s Senior Vice President, Asia Pacific, Middle East and Africa. Trend Micro is seeing “sophisticated attacks that bypass cyber security solutions.”

Organisations have to be ready for the cutthroat cyber battlefield. Thakkar shares three tips for governments to better hunt down cyber adversaries and protect networks.

1. Protect the whole environment

Threat detection today is usually around the endpoints, says Thakkar. But it’s not enough to only protect those. “What if the threat came in via email, an IoT device, or cloud?” he adds. The uptake of cloud and IoT has also accelerated, so threat detection must cover more than just the endpoints.

The endpoint may also not be where the threat originated though it seems like it, Thakkar says. “It's important to know, especially in cybersecurity, what that patient zero looks like.”

The ‘patient zero’ tells organisations a lot about where the threat came from, how it transformed, and what tools the hacker used to enter the environment, he says. Having this big picture helps organisations better guard against future threats.

So, threat detection and response has to go beyond the endpoint, says Thakkar. It has to “not only ingest the data, but also identify and correlate threats from endpoints, emails, network and cloud workloads.” This provides security analysts with a better context to hunt, detect, and contain threats.

Trend Micro’s detection and response (XDR) technology connects emails, endpoints, servers, cloud workloads, and networks to secure an entire organisation. It also acts like a “video recorder” and helps organisations trace where the breach happened and how it proliferated, says Thakkar. This way, security analysts can “zoom out and see the whole picture”.

2. Context is key

Security Operations Center (SOC) analysts are overworked and deal with thousands of threat alerts every day, says Thakkar. “It really is difficult for those SOC analysts sitting among thousands of alerts, trying to pick out which may be real, which may be suspicious.”

When analysts can’t tell which is a suspicious alert, they waste a lot of time chasing after false positives - further adding to their fatigue.

Machine learning and artificial intelligence can make their lives easier, says Thakkar. The technology can correlate data to generate fewer high-confidence, contextualised alerts, he adds. This leads to better and earlier detection of threats.

Thakkar likens this to a hypothetical threat detection system in airports. Such a system monitors an individual’s behaviour across different points in time and raises the alarm when suspicious behaviour is detected more than once.

“You are pushing through the security door that you are not supposed to push … you are walking by this particular place eight times instead of going to your gate.” These different observations will then be combined to a “highly contextual alert” for airport security, says Thakkar.

3. Integrate your solutions

Governments have been buying “more and more” security solutions to deal with threats, says Thakkar. But these solutions are often from different firms, and do not work together. That creates a lot of blind spots and results in repetitive work, he adds.

Large sums of money have been paid for such technology, he says. “And the XDR wants to ensure that investment doesn't go to waste.” So, Trend Micro’s XDR doesn’t replace the SIEM, but works together with existing technology for better threat detection. It ensures that “everything is interconnected”.

The cat-and-mouse game of threat hunting will only get more intense as digitalisation accelerates. Countries must be ready to boost their defenses and look out for blind spots.

To find out how your organisation can enhance threat detection and response, watch the on-demand of Trend Micro’s recent virtual launch event - XDR IS HERE.