Prevent, Monitor, and Respond to Cyber Threats
Learning Objectives
After completing this unit, you’ll be able to:
- Describe the responsibilities of a threat intelligence team.
- List key skills needed to prevent, detect, and respond to cyber threats.
Manage Cyber Threats with a Threat Intelligence Team
Cybercriminals continue improving their attack methods to outsmart security teams. Successfully preventing breaches requires a security team that can quickly identify new attack vectors, detect new threat techniques, and respond to a changing threat landscape.
To effectively detect new threats, organizations must use a diverse range of sources, and novel detection techniques. Today’s organizations rely increasingly on machine learning and artificial intelligence technologies to identify anomalous behavior and detect and prevent zero-day exploits not seen previously. They use detection systems that ingest a wide variety of threat intelligence and operational data, run regressions and analytics, and produce high-fidelity signals that indicate an anomaly for further investigation.
In addition to using machine learning for threat detection, strong threat intelligence teams proactively hunt throughout the organization’s infrastructure for malicious activity. Moreover, they scour the Internet, social media, and the dark web for stolen data and information on key executives and business operations that could be used for social engineering, spear phishing, or scams. As a resource, the Mitre Att&ck Framework provides knowledge of common tactics used by adversaries.
Prevent, Detect, and Respond to Cyber Threats
The question is not if, but when a significant breach will occur. Savvy organizations develop a robust, risk-based approach to measuring risks and responding to cyberattacks that is tailored to their business context across the following three dimensions.
- The people and organization that operationalize these services
- The processes and procedures to effectively manage them
- The technologies that will be acquired and implemented
Large organizations often hire in-house cybersecurity experts to manage some complex services (including penetration testing, a security operations centre, threat hunting, and so on). Smaller enterprises often outsource these services to a managed security service provider. When considering the outsourcing of security services, savvy businesses do their due diligence, engage with reputable service providers, and establish detailed service level agreements.
When managing cyber threats, a three-pronged approach can help mitigate the risks to your enterprise.
-
Prevent. Preventive strategies must evolve continuously, from an organization’s security policies and awareness program to the actual access controls technology teams use.
-
Detect. Selecting and deploying appropriate controls for the timely detection and notification of compromises is critical. Strong organizations monitor critical assets.
-
Respond. Detection is pointless without a response. Effective organizations respond in a timely manner to security incidents to mitigate the impact to the business.
Sum It Up
In this unit you’ve learned more about how to prevent, detect, and respond to cyber threats. You’ve learned about steps savvy organizations take to leverage threat intelligence teams, detect abnormal activity, and to plan to respond to an incident. Next, let’s turn to how organizations can prepare for incidents further by putting in place a crisis management plan.
Resources
- External Site: ATT&CK MITRE
- External Site: National Cyber Security Centre: Reducing Your Exposure to Cyberattack
- Blog: IT Governance: How to Identify and Respond to Cyber Threats