HOME
NEWS

The Paramount importance of Threat Intelligence & Threat Hunting for Indian Enterprises


By VARINDIA - 2020-05-29
The Paramount importance of Threat Intelligence & Threat Hunting for Indian Enterprises

Aditya Mukherjee, Security Leader, Accenture

 

Cyber Threat Intelligence (CTI) is a new yet massively evolving domain in information security today. Since the beginning of time, Information (Knowledge) has always been regarded as a critical form of an advantage in any strategy-making process. CTI over the years has rolled from a previously perceived set of skills and techniques to a well-defined framework with the new infused market requirements spawning from the recent threat activities in the ever-changing IT landscape which has bought sophisticated attacks such as State-sponsored cyber-attacks, Ransomware, APT’s, Zero-days and Hacktivism that is now at the very doorstep of Governments, Big, Medium & Small Corporations alike.

 

Threat Hunting on the other hand is all about proactively hunting for undetected intruders and signs of potential intrusions in the enterprise environment. Quite simply put, it is the pursuit of abnormal activity in the organization for signs of compromise, intrusion, or exfiltration of data, which is yet not detected by traditional Security Mitigation and Detection tools and Platforms.

 

Introduction to Threat Intelligence

 

Threat intelligence lifecycle can be broken down into 5 steps -


    1.    Planning & Direction - This is the first stage of TI lifecycle which focuses on the expectation from the TI program and how the intel will be consumed and used to derive value for the business.

 

    2.    Collection - This stage talks about which sources to monitor, what data is collected, when and how it is collected. This needs to be an iterate process where the feeds are constantly reviewed to improve the injection of quality data.

 

    3.    Processing - This stage talks about how the collected intel is processed for consumption. This includes the actual implementation of normalization and contextualization of the data with data enrichment.

 

    4.    Analysis & Production - This stage focuses on analysis of the intel to comprehend the value add that the intel is providing.

 

    5.    Dissemination - Threat Intel can be pushed in different formats, it can be a Threat intel report which is a human readable format containing research-based artefacts and TTP coverage.

 

PREPARING TO HUNT

 

People - Threat hunters need to have a deep understanding of OS internals (Process tree structure, Registry), applications, network tropology & tools at detailed level.

 

Time - Threat hunting needs to be done in a continuous manner. Which needs dedicated time towards the activity. Once results are delivered, more time can be invested on the same.

 

 Training - Threat Hunting is all about skilled analysis to detect anomalies in the environment. Hence trainings on OS internals, Endpoint application behaviour, threat hunting tools, Incident response procedures & exploitation techniques will help in getting better insights into the target infrastructure.

 

Procedure - A structured approach, to document and enhance Endpoint baselining, Hunting practices, Response mechanism can better enable the Threat hunting initiative.

 

Tools - Applications that provide Endpoint (Parent & Child processes, File activity) / Network visibility (IPS, web filtering, firewall logs, & NetFlow tools), Anomaly detection, Data Correlation & Analytics capability & TI integrated with SIEM.

 

Red Teaming - As a Threat hunter it is important to anticipate how attacks are likely to attack the environment. Hunters need to be familiar with the architecture and data flow with key focuses at gaps & blind spots in the organization.

 

See What’s Next in Tech With the Fast Forward Newsletter

SECURITY
View All
Zscaler announces AI innovations to its Data Protection Platform
Technology

Zscaler announces AI innovations to its Data Protection Platform

by VARINDIA 2024-05-20
SHIELD to enhance Swiggy’s fraud prevention and detection capabilities
Technology

SHIELD to enhance Swiggy’s fraud prevention and detection capabilities

by VARINDIA 2024-05-20
Axis Communications announces its first thermometric camera designed for Zone/Division 2
Technology

Axis Communications announces its first thermometric camera designed for Zone/Division 2

by VARINDIA 2024-05-20
SOFTWARE
View All
Hitachi Vantara and Veeam announce Global Strategic Alliance
Technology

Hitachi Vantara and Veeam announce Global Strategic Alliance

by VARINDIA 2024-05-16
Adobe launches Acrobat AI Assistant for the Enterprise
Technology

Adobe launches Acrobat AI Assistant for the Enterprise

by VARINDIA 2024-05-11
Oracle Database 23ai offers the power of AI to Enterprise Data and Applications
Technology

Oracle Database 23ai offers the power of AI to Enterprise Data and Applications

by VARINDIA 2024-05-10
START - UP
View All
Data Subject Access Request is an integrated module within ID-REDACT®
Technology

Data Subject Access Request is an integrated module within ID-REDACT®

by VARINDIA 2024-04-30
SiMa.ai Secures $70M Funds from Maverick Capital
Technology

SiMa.ai Secures $70M Funds from Maverick Capital

by VARINDIA 2024-04-05
Sarvam AI collaborates with Microsoft to bring its Indic voice LLM to Azure
Technology

Sarvam AI collaborates with Microsoft to bring its Indic voice LLM to Azure

by VARINDIA 2024-02-08

Tweets From @varindiamag

CIO - SPEAK
Automation has the potential to greatly improve efficiency and production

Automation has the potential to greatly improve efficiency and production

by VARINDIA
Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

by VARINDIA
Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

by VARINDIA
Start-Up and Unicorn Ecosystem
GoDaddy harnesses AI power for new domain name recommendations

GoDaddy harnesses AI power for new domain name recommendations

by VARINDIA
UAE’s du Telecom selects STL as a strategic fibre partner

UAE’s du Telecom selects STL as a strategic fibre partner

by VARINDIA
JLR and Dassault Systèmes extend partnership for All Vehicle Programs worldwide

JLR and Dassault Systèmes extend partnership for All Vehicle Programs worldwide

by VARINDIA
Rapyder partners with AWS to accelerate Generative AI led innovation

Rapyder partners with AWS to accelerate Generative AI led innovation

by VARINDIA
ManageEngine integrates its SIEM solution with Constella Intelligence

ManageEngine integrates its SIEM solution with Constella Intelligence

by VARINDIA
Elastic replaces traditional SIEM game with AI-driven security analytics

Elastic replaces traditional SIEM game with AI-driven security analytics

by VARINDIA
Infosys and ServiceNow to transform customer experiences with generative AI-powered solutions

Infosys and ServiceNow to transform customer experiences with generative AI-powered solutions

by VARINDIA
Crayon Software Experts India inaugurates its ISV Incubation Center in Kolkata

Crayon Software Experts India inaugurates its ISV Incubation Center in Kolkata

by VARINDIA
Dassault Systèmes to accelerate EV charging infrastructure development in India

Dassault Systèmes to accelerate EV charging infrastructure development in India

by VARINDIA
Tech Mahindra and Atento to deliver GenAI powered business transformation services

Tech Mahindra and Atento to deliver GenAI powered business transformation services

by VARINDIA