

Cyber Security: 6 tips To Hunt Threat, Safeguard Critical Assets




The most crucial step in cyber security is to find threat actors before they find you or launch an attack.

How to do that efficiently and effectively is no small task – but with a small investment of time, you can master threat hunting and save your organization millions of dollars.

Consider this staggering statistic. Cybersecurity Ventures estimates that cybercrime will take a $10.5 trillion toll on the global economy by 2025. Measured as a country, the cost of cybercrime would equal the world’s third-largest economy after the U.S. and China. But with effective threat hunting, you can keep bad actors from wreaking havoc on your organization.

This article offers a detailed explanation of threat hunting – what it is, how to do it thoroughly and effectively, and how cyber threat intelligence (CTI) can bolster your threat-hunting efforts.


What is threat hunting?

Cyber threat hunting is gathering evidence that a threat is materializing. It’s a continuous process that helps you find the threats that pose the most significant risk to your organization and empowers your team to stop them before an attack launches.

6 Tips to Hunt Threat

Throughout the hunt, careful planning and attention to detail are essential, as well as ensuring all team members follow the same plan. To maintain efficiency, document every step so others on your team can easily repeat the same process.

1 — Organize the hunt

Ensure your team is prepared and organized by inventorying your critical assets, including endpoints, servers, applications, and services. This step helps you understand what you’re trying to protect and the threats they are most prone to. Next, determine each asset’s location, who has access, and how provisioning of access takes place.

Finally, define your priority intelligence requirements (PIRs) by asking questions about potential threats based on your organization’s environment and infrastructure. For example, if you have a remote or hybrid workforce, such questions might include:

  • To which threats are remote devices most vulnerable?
  • What sort of evidence would those threats leave behind?
  • How will we determine if an employee is compromised?

2 — Plan the hunt

In this phase, you will set the necessary parameters through the following:

  • State your purpose – including why the hunt is necessary and which threat(s) you should focus on, as determined by your PIRs. (For example, a remote workforce may be more prone to phishing attacks under a BYOD model.)
  • Define the scope – identify your assumptions and state your hypothesis based on what you know. You can narrow your scope by understanding what evidence will surface if the threat you’re looking for launches.
  • Understand your limitations, such as what data sets you can access, what resources you must analyze, and how much time you have.
  • Set the time frame with a realistic deadline.
  • Determine which environments to exclude, and look for contractual relationships that may prevent you from carrying out the hunt in specific settings.
  • Understand the legal and regulatory constraints you must follow. (You can’t break the law, even when hunting for bad guys.)

3 — Use the right tools for the job

There are plenty of tools for threat hunting, depending on your assets inventory and hypothesis. For example, if you’re looking for a potential compromise, SIEM and investigative tools can help you review logs and determine if there are any leaks. Following is a sample list of options that can significantly improve threat-hunting efficiencies:

  • Threat intelligence – specifically, automated feeds and investigative portals that fetch threat intelligence from the deep and dark web
  • Search engines and web spiders
  • Information from cybersecurity and antivirus vendors
  • Government resources
  • Public media – cybersecurity blogs, online news sites, and magazines
  • SIEM, SOAR, investigative tools, and OSINT tools

4 — Execute the hunt

When executing the hunt, it’s best to keep it simple. Follow your plan point by point to stay on track and avoid diversions and distractions. Execution takes place in four phases:

  • Collect: this is the most labor-intensive part of a threat hunt, especially if you use manual methods to gather threat information.
  • Process: compile data and process it in an organized and readable format for other threat analysts to understand.
  • Analyze: determine what your findings reveal.
  • Conclusion: if you find a threat, do you have data to support its severity?
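
The four execution phases applied to the remote-workforce example from the planning steps, as an added illustration that is not part of the original article. The hunt plan values, the sign-in log format, and all user and device names are constructed assumptions.

```python
import csv, io
from datetime import datetime
# Hunt plan (steps 1-2). All values are constructed for illustration.
PLAN = {
    "hypothesis": "Phished remote-user credentials are used from a device outside the asset inventory",
    "inventory": {"alice": {"LT-0141"}, "bob": {"LT-0207", "PH-0033"}},  # user -> known devices
    "window": (datetime(2023, 8, 1), datetime(2023, 8, 8)),  # time frame (end exclusive)
    "excluded_envs": {"partner-vdi"},  # environment excluded from the hunt
}
# Constructed VPN sign-in log: timestamp,user,device_id,env,result
RAW_LOG = """\
2023-08-02T08:01:11,alice,LT-0141,corp-vpn,success
2023-08-03T02:14:09,alice,UNKNOWN-7f3a,corp-vpn,failure
2023-08-03T02:14:40,alice,UNKNOWN-7f3a,corp-vpn,success
2023-08-05T11:00:00,bob,KIOSK-01,partner-vdi,success
2023-07-20T10:00:00,bob,UNKNOWN-11aa,corp-vpn,success
"""

def collect(raw):
    """Collect: pull raw records from the data set the plan gives access to."""
    return [row for row in csv.reader(io.StringIO(raw)) if row]

def process(rows, plan):
    """Process: normalise records and apply the plan's time frame and exclusions."""
    start, end = plan["window"]
    events = []
    for ts, user, device, env, result in rows:
        when = datetime.fromisoformat(ts)
        if start <= when < end and env not in plan["excluded_envs"]:
            events.append({"when": when, "user": user, "device": device, "result": result})
    return events

def analyze(events, plan):
    """Analyze: keep successful sign-ins from devices missing from the inventory."""
    return [e for e in events if e["result"] == "success"
            and e["device"] not in plan["inventory"].get(e["user"], set())]

def conclude(findings, events):
    """Conclusion: say whether the data supports the hypothesis, with evidence."""
    evidence = []
    for f in findings:
        # Earlier failures from the same user and device add weight to the finding.
        prior = sum(1 for e in events if e["user"] == f["user"] and e["device"] == f["device"]
                    and e["result"] == "failure" and e["when"] < f["when"])
        evidence.append((f["user"], f["device"], f["when"].isoformat(), prior))
    return {"supported": bool(evidence), "evidence": evidence}

def run_hunt(raw=RAW_LOG, plan=PLAN):
    events = process(collect(raw), plan)
    return conclude(analyze(events, plan), events)
```

The out-of-window and excluded-environment records are dropped in the process phase, so only the sign-in from the unknown device is left as evidence for the hypothesis.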

5 — Conclude and evaluate the hunt

Evaluating your work before you begin the next hunt is imperative to help you improve as you go. Below are some questions to consider in this phase:

  • Was the chosen hypothesis appropriate to the hunt?
  • Was the scope narrow enough?
  • Did you collect helpful intelligence, or could some processes be done differently?
  • Did you have the right tools?
  • Did everyone follow the plan and process?
  • Did leadership feel empowered to address questions along the way, and did they have access to all the needed information?

6 — Report and act on your findings

In concluding the hunt, you can see if your data supports your hypothesis – and if it does, you’ll alert the cybersecurity and incident response teams. If there is no evidence of the specific issue, you’ll need to evaluate resources and ensure there were no gaps in the data analysis. For example, you may realize that you reviewed your logs for a compromise but did not check for leaked data on the dark web.

Take threat hunting to the next level with CTI

CTI can be an effective component of your threat-hunting program, particularly when the threat intelligence data is comprehensive and includes business context and relevance to your organization. Cybersixgill removes the access barrier to the most valuable sources of CTI and provides deep-dive investigative capabilities to help your team seek the highest-priority potential cyberthreats.

Our investigative portal enables you to compile, manage and monitor your complete asset inventory across the deep, dark and clear web. This intelligence helps you identify potential risks and exposure, understand potential attack paths and threat actor TTPs to proactively expose and prevent emerging cyber attacks before they are weaponized.



Entrepreneurs seek tax waivers on renewable energy products, say manpower development necessary




Some entrepreneurs in the renewable energy sector on Wednesday called for tax waivers on renewable energy products in order to increase access and encourage more people to use green alternatives.

The entrepreneurs stated this in separate interviews with the News Agency of Nigeria (NAN) in Ibadan while speaking on the importance of manpower development in renewable energy in Nigeria.

The Chief Executive Officer of Gacht Solar, Adekunle Audu, said training and retraining were essential to the uptake of renewable energy in Nigeria, especially the off-grid solar technology.

Audu commended Nexgen Energy for organising training for small and medium entrepreneurs to ensure renewable energy has wider acceptance through excellent service delivery.

According to him, the training opened him to new opportunities and networking which have been aiding his venture.

“The Customs duties we pay on our goods when we import (them) is so much and since power is one of the problems in Nigeria, if the government can at least do a tax waiver on some of our products it will really go a long way in helping the power sector,” Audu said.

Also, the Managing Director of Goldmine Technosolar Company, Mr John Olateju, said knowledge of renewable energy products and installation techniques were salient skills essential for distributors of renewable energy.

He said this was due to constant technological advancement.

According to him, the Techfine training he attended was a good one which created networking among dealers, installers and stakeholders in the industry.

“If such a programme is organised from time to time, it will help installers to operate efficiently and have a voice which will be to the betterment of the nation at large,” Olateju said.

He said government could do a lot to make the renewable energy sector viable, such as encouraging end-users to take to renewable energy through various incentives.

Olateju said such a strategy would make the products affordable and available with the option of loan repayments to uptake renewable energy spread over five to 10 years.

“Considering the economy of this country, the government should be able to do more than it is already doing, so that the price of renewable energy can be affordable to Nigerians,” he said.

The Chief Executive Officer of Starkbase Consult, Mr Abiodun Oluborode, said manpower development through training and re-training helps people to acquire knowledge.

He said such knowledge would translate to growth and development, especially for start-up businesses.

Oluborode said he had acquired training from Nexgen Energy on how to calculate load on solar energy for installation for clients which had to improve service delivery.

He pointed out that this was something he did not know prior to the training.

Oluborode said most entrepreneurs who want to venture into the renewable energy business had been developing cold feet due to high taxes on the product.

He said this was in spite of the opportunities created by incessant power outages.

“The government should reduce tax one way or the other and encourage people to go into solar. You can see what is happening. Businesses are going down due to lack of power supply from the national grid.

“It should also encourage start-up businesses by providing them grants, especially for those who are into solar as it is being done for those in the agriculture sector.

“This is because I have a lot of people who want to go into the business, but they do not have the capital,” Oluborode said.

Also, a Sales Representative of Greenlife Power System, Mr Ayo Ogundiya, said government should provide an enabling environment for renewable energy operators.

He added that there were a lot of opportunities in renewable energy in Nigeria and, if harnessed, they can thrive and contribute to the economy of the nation.



Virgin Galactic to launch its first space tourism flight




An 80-year-old former Olympian with Parkinson’s disease would be one of three passengers on board Virgin Galactic’s first space tourism flight when it blasts off on Thursday.

Jon Goodwin, from Newcastle, would join Keisha Schahaff, 46, and her daughter Anastatia Mayers, 18, who is studying physics in Aberdeen, on the VSS Unity for the 90-minute trip.

The two women would be the first mother and daughter to make a trip to space after winning a coveted place in a prize draw.

Goodwin secured his seat 18 years ago after buying a 250,000-dollar ticket.

It would be taking off at 4 p.m. (1500 GMT) from New Mexico in the U.S., in the mothership VMS Eve and VSS Unity.

It would separate and take them into sub-orbital space, where they would briefly experience weightlessness, while looking back at Earth.

The trip would raise funds for Space for Humanity, a non-profit group which seeks to send ordinary citizens into space to give them a grander perspective on the challenges facing Earth.

The three would be joined by astronaut instructor Beth Moses.

In June Sir Richard Branson’s Virgin Galactic successfully completed the company’s first commercial spaceflight, taking Italian astronauts into space to conduct a number of scientific experiments.

The company is calling the first private astronaut mission on Thursday Galactic 02.
