How to Defend Against Ever-Changing Threat Tactics
As bad actors alter their methods continually, organizations may find it challenging to keep up. Preventing an attack is a Herculean task, one which many organizations aren’t prepared to handle.
However, defense tactics have continued to evolve as well, and Appelman offered suggestions on how organizations can detect and eliminate threats. “On average, we see organizations take 162 hours to detect, understand and fully eradicate a threat from an endpoint in their environment. So, we recommend that organizations strive to follow what we call the 1-10-60 rule, or one minute to detect something, 10 minutes to understand it and 60 minutes to fully eradicate a threat from an endpoint in their environment.”
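The 1-10-60 rule only helps if the three phases are actually measured per incident. The following script is an added example, not code from the article or from Appelman, that scores constructed incident timelines against the 1-10-60 targets and reports the mean end-to-end time for comparison with the 162-hour figure; it assumes the detection clock starts at the earliest malicious activity reconstructed on the endpoint (`first_activity`, a hypothetical milestone name), and that the other milestone names are the SOC's own.

```python
from datetime import datetime

# 1-10-60 targets in minutes: detect, understand, eradicate
TARGETS = {"detect": 1, "understand": 10, "eradicate": 60}

# Constructed incident timelines (not real data). Milestones are ISO timestamps:
#   first_activity - earliest malicious activity on the endpoint (assumed start of the clock)
#   detected       - first alert raised by the EDR
#   understood     - analyst finished scoping the activity
#   eradicated     - threat fully removed from the endpoint (None while still open)
INCIDENTS = {
    "INC-1": {"first_activity": "2024-03-01T09:00:00", "detected": "2024-03-01T09:00:45",
              "understood": "2024-03-01T09:08:00", "eradicated": "2024-03-01T09:55:00"},
    "INC-2": {"first_activity": "2024-03-02T14:00:00", "detected": "2024-03-02T14:30:00",
              "understood": "2024-03-02T16:00:00", "eradicated": "2024-03-05T10:00:00"},
    "INC-3": {"first_activity": "2024-03-03T08:00:00", "detected": "2024-03-03T08:00:30",
              "understood": None, "eradicated": None},
}

def phase_minutes(timeline):
    """Minutes spent in each phase; None when the phase has not closed yet."""
    def minutes(start, end):
        if timeline.get(start) is None or timeline.get(end) is None:
            return None
        delta = datetime.fromisoformat(timeline[end]) - datetime.fromisoformat(timeline[start])
        return delta.total_seconds() / 60
    return {"detect": minutes("first_activity", "detected"),
            "understand": minutes("detected", "understood"),
            "eradicate": minutes("understood", "eradicated")}

def evaluate(incidents):
    """Per incident, True for each phase that met its 1-10-60 target; open phases count as misses."""
    report = {}
    for name, timeline in incidents.items():
        phases = phase_minutes(timeline)
        report[name] = {p: (m is not None and m <= TARGETS[p]) for p, m in phases.items()}
    return report

def mean_dwell_hours(incidents):
    """Mean first-activity-to-eradication time over closed incidents, in hours (None if none closed)."""
    closed = [sum(phase_minutes(t).values()) for t in incidents.values()
              if None not in phase_minutes(t).values()]
    return sum(closed) / len(closed) / 60 if closed else None

if __name__ == "__main__":
    for name, result in evaluate(INCIDENTS).items():
        print(name, result)
    print("mean dwell (hours):", mean_dwell_hours(INCIDENTS))
```

Feeding the script real milestones from a ticketing system turns the rule into a per-phase dashboard, which shows whether time is lost in detection, triage or cleanup rather than in the total alone.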
Appelman also said organizations should have recovery plans in place. “Knowing your adversary can greatly assist in not only proactive threat hunting but also in effective remediation efforts. Because if you’re aware of those tactics, techniques and procedures of a threat actor, you know where to look.”
Sometimes, the Best Cyber Defense Is a Good Offense
Appelman stressed the importance of thinking proactively when developing a cybersecurity strategy. “I think the first thing that comes to mind always is threat hunting. The adoption of an endpoint detection and response tool, making sure that the patches are updated and passwords are reset. I think that’s one of the first ways in which you actually become proactive.”
“Especially from a threat hunting perspective, it goes back to knowing your adversary and adopting an intelligence suite or product or partnership there, and really knowing what to look for and having that data repository in which you can actually parse that data,” Appelman continued. “I think a lot of organizations today should always be performing strategic and technical advisory services as well. I think every organization should be performing pen tests annually, both internally and externally.”
Appelman also said security tools are evolving just as quickly as the threat tactics bad actors employ. EDR tools are a good starting point for organizations to improve their threat hunting efforts, and some security tools have started to use AI solutions for threat prevention and detection purposes.