Cyber threats are 24-hour

by Mark Rowe

A teenager from Bedfordshire was arrested for setting up a cyber business that carried out more than 1.7m attacks on websites including Microsoft and Xbox Live. If that’s what one man can do, imagine what an organised cyber-business is capable of. Cybercrime is now highly organised, innovative and quite frankly, big business, writes Martin Lee, Technical Lead, Security Research Manager, Talos Outreach EMEA.

Money isn’t the only factor driving criminals. The National Crime Agency (NCA) recently released a report finding that cyber criminals were motivated by the thrill of overcoming programming challenges, by improving their skills with web and networking technologies, and by curiosity and a sense of accomplishment.

This sense of accomplishment is echoed by those working in the cyber security industry and drives them to defend against sophisticated cyber-attacks. But keeping up with the number of security alerts is no mean feat. Cisco’s Annual Cybersecurity Report found that 44 per cent of security operations managers see more than 5,000 security alerts per day.

That volume works out to more than three alerts a minute, around the clock. Each one needs to be triaged to decide whether it indicates a serious incident, and that triage has to continue day and night. To maintain levels of protection, the efforts of security teams need to be augmented by threat intelligence and automated analysis, so that the most egregious attempts to compromise systems are blocked automatically and the areas where human oversight and detective work are most needed are highlighted.

Talos, the threat intelligence and security research group of Cisco, blocks in excess of 20 billion threats each day. Through monitoring the threat environment and constantly updating detection logic, the security researchers and the automated systems that comprise Talos are able to update Cisco’s security products with the threat intelligence necessary to keep abreast of the latest threats.

Hackers are clever, but not as clever as the combination of intelligence, analytics and technology that we now have at our disposal. Confidence that the vast majority of threats are being blocked by network and system protection can free up security operations teams to focus on investigating unusual activity rather than simply checking off alerts.

The tools to help teams use the network as a sensor to hunt down threats and spot system infiltration early are now readily available to businesses and need to be implemented. Constantly searching for threats needs to be a way of life and adopted by businesses as usual practice.

The threat landscape has evolved and so must the response. Security teams need to move towards a ‘Sherlock Holmes’ style approach, following clues to hunt down issues on their network, and away from an operational model of clearing as many alerts as possible as quickly as possible.

This starts by introducing a culture where active threat hunting is not a luxury, but a necessity. It not only helps businesses identify a breach, it also ensures that they have a chance to stay one step ahead of the bad guys.

Ultimately, threat hunting isn’t a 9 to 5 job. Threat hunting never sleeps. But today’s technology means businesses have vital tools to prevent business leaders from losing sleep over the growing cyber threat.

© 2024 Professional Security Magazine. All rights reserved.