Threat Hunting and Its Importance

by Shomiron Dasgupta, Founder and CEO, DNIF Next Gen SIEM Platform

Threat hunting isn’t new, but the importance of its practical use in countering cyberthreats is recent.

We’ve seen that companies’ awareness of threat hunting is increasing over time. However, a lack of attention given to cyberthreats, arising out of budget, expertise and staffing constraints, has led to an increase in the number of successful malware attacks. Hence, countering them has become more and more challenging.

What is threat hunting and what distinguishes it from threat detection?

In cybersecurity, threat hunting is a systematic process for detecting advanced threats in an organization’s network. In simple terms, the goal is to detect any intruders that may be lurking in the network. On average, intruders have access to networks for more than 220 days before being detected. Often, the ones notifying the organizations about them are credit card companies or law enforcement agencies. Threat hunting is about proactively seeking out these lurkers, instead of taking a passive approach that only alerts an organization about them. The proactive nature of threat hunting is what sets it apart from threat detection. Threat detection occurs when a threat becomes visible independently, such as by triggering an alert in security software. Threat hunting, on the other hand, involves searching for suspected or potential threats that are not already visible.

Why is it important, and why should I use it?

An attacker’s initial goal is typically something like stealing valid login credentials for a privileged account. Attackers use stolen credentials to carry out search-and-steal or search-and-destroy missions using tools and techniques that end users don’t use. This enables them to go undetected and cause tremendous damage to intellectual property.
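As an added illustration (not code from the article or from DNIF), the hypothesis above can be turned into a small hunt: over constructed process-execution events, flag privileged accounts that run tooling outside their known baseline or appear on end-user workstations, and end users who run administrative tools. The account inventory, baseline and tool list are assumed for the example.

```python
import csv
import io

# Constructed sample of process-execution events (not real data).
SAMPLE_LOG = """ts,user,host,process
2024-03-01T09:02:11,alice,WS-ALICE,outlook.exe
2024-03-01T09:05:43,bob,WS-BOB,excel.exe
2024-03-01T11:17:02,svc_backup,FS-01,robocopy.exe
2024-03-01T23:41:55,svc_backup,WS-BOB,psexec.exe
2024-03-01T23:43:10,svc_backup,WS-BOB,ntdsutil.exe
2024-03-02T08:12:30,carol,WS-CAROL,chrome.exe
2024-03-02T08:20:02,carol,WS-CAROL,wmic.exe
"""

# Hunting hypothesis (assumed inventory, not from the article): privileged accounts only
# run their known tooling from server hosts, and end users never run admin tools at all.
PRIVILEGED_BASELINE = {
    "svc_backup": {"robocopy.exe"},
    "dom_admin": {"mmc.exe"},
}
ADMIN_TOOLS = {"psexec.exe", "ntdsutil.exe", "wmic.exe", "net.exe"}


def hunt(log_text):
    """Return the events that contradict the hypothesis, each with its reasons."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        user, host, proc = row["user"], row["host"], row["process"].lower()
        reasons = []
        if user in PRIVILEGED_BASELINE:
            if proc not in PRIVILEGED_BASELINE[user]:
                reasons.append("privileged account ran a tool outside its baseline")
            if host.startswith("WS-"):  # assumed naming: WS-* are end-user workstations
                reasons.append("privileged account active on an end-user workstation")
        elif proc in ADMIN_TOOLS:
            reasons.append("end user ran an administrative tool")
        if reasons:
            findings.append({**row, "reasons": reasons})
    return findings


def accounts_to_investigate(findings):
    """Pivot the findings by account and host so the analyst can prioritise follow-up."""
    by_user = {}
    for f in findings:
        by_user.setdefault(f["user"], set()).add(f["host"])
    return {user: sorted(hosts) for user, hosts in by_user.items()}
```

Run against the sample, `hunt` returns three events (the two svc_backup executions on WS-BOB and carol's wmic.exe), and the pivot points the analyst at svc_backup on WS-BOB and carol on WS-CAROL.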

Threat hunting is necessary to counter the sophisticated techniques that cybercriminals use to evade detection by conventional means. Today’s malware can often escape detection by antivirus software. Attackers are innovating at an alarming rate, creating new forms of attack. Organizations can’t afford to wait weeks or months to learn about incidents. From the moment of intrusion, the cost, damage and impact of an attack grows by the hour.

Threat hunting is human-driven, iterative and systematic. Hence, it effectively reduces damage and overall risk to an organization, as its proactive nature enables security professionals to respond to incidents more rapidly than would otherwise be possible. It reduces the probability of an attacker being able to cause damage to an organization, its systems and its data. This is vital to ensure that confidential data isn’t misused or accessed by unauthorized individuals.

Combining dynamic intelligence, analytics and situational awareness tools, and continuous data monitoring with an analyst’s skill in testing and evaluating data reduces false positives and wasted time throughout the security operations center.


Threat hunting has demonstrated itself to be very effective and is gaining momentum, as companies look for ways to improve security and eliminate threats. As zero-days and advanced persistent threats (APT) continue to challenge security staff, analysts are adopting threat hunting platforms to uncover attacks more rapidly. Given the impossibility of 100% detection rates, as well as the inability of traditional tools like IDSs to completely address the security needs of modern organizations, there is a dire need to establish security teams who can actively “hunt” for threats targeting their organizations. The adoption of threat hunting thus signals a transition from reactive strategies to proactive ones, with companies looking for ways to tackle problems in a more timely and efficient way.

ABOUT DNIF – DNIF: SIEM Security, Event Log Management & Big Data Analytics

DNIF is an open analytics platform that uses deep-tech to automatically identify outliers in users, applications and systems. DNIF connects the dots in a high-velocity data lake to uncover scenarios that directly impact the business, thereby mitigating risks and increasing efficiency.

DNIF is a next-gen SIEM that’s easy-to-use and deploy and combines the features of traditional software with advanced technologies such as security analytics, SOAR, UEBA and security data lake to bring power and efficiency to security operation centers of all sizes. It has one of the fastest response times in the industry and bridges the gap between searching, processing, analyzing and visualizing data.

DNIF offers solutions to the world’s most challenging cybersecurity problems. It is recognized by Gartner and used by well-known global companies such as PwC, TCS, Vodafone and Tata, as well as some of the biggest players in the BFSI, NBFC, telecom and e-commerce space. A vast majority of managed security service providers use DNIF as the core of their service delivery. This next-generation analytics platform combines security and big data analytics to provide real-time threat detection and analytics for the most critical data assets on the Internet.


With his extraordinary skillset as an intrusion analyst and immense passion for tech advancements, Shomiron Dasgupta has been building threat detection systems for close to two decades and has established partners in 14 countries across several industries, including healthcare, insurance, transport, banking and media.

Prior to founding and developing DNIF, a product that delivers quality attack detection products and services to its customers, he worked with ICICI Infotech Ltd. as a Senior Consultant, where his core responsibility was to solve critical cybersecurity challenges faced by customers.

Shomiron, a TedX speaker, is also an eminent speaker at many industry events including DSCI (Data Security Council of India) and SACON (Sálim Ali Centre for Ornithology and Natural History).

He is an alumnus of St. Xavier’s college. Outside the tech world, he is a trained mountaineer with expedition experience in the high Himalayas.