Threat Management

Machine Learning and Cyber Hunting for All Organizations

By Kris Lovejoy

In today’s threat landscape you either hunt or you’re hunted. As organizations around the world are dealing with the sophistication of today’s hackers, they are recognizing that proactive approaches are needed to address advanced cyber threats. In many cases, they are turning to new concepts like cyber hunting.

Cyber hunting is a term that many individuals in the security industry are trying to understand. Tasked with seeking out indicators and remnants of malicious activity, some organizations are taking the necessary steps to proactively hunt for cyber adversaries to protect the “crown jewels” of their organizations. While the perception currently is that cyber hunters are uniquely skilled analysts with a sixth sense for finding relevant threats, the reality is that technology has significantly simplified a process that used to be manual and extremely time-consuming.

Today cyber hunting is available to the masses, thanks to technologies such as machine learning, which make it much easier for organizations to spin up teams to proactively pursue advanced persistent threats.

Threat actors and malware authors are becoming creative and have had many years to develop strategies to defeat today’s most common detection techniques. The evidence of their success is widely known, and the need for new approaches, such as supervised machine learning, is essential if network security operators are able to reduce the risk of costly data breaches and the resultant forensic investigations and eradicate/mitigate/restore activities.

For the ordinary enterprise, the hunt needs to begin before assets are even compromised. As threats continue to sidestep traditional approaches, organizations need to leverage machine learning detection engines to help focus hunting activities around promising leads. With such an approach, organizations can scale analyst capabilities, automate second-stage content analysis, collect network metadata, and correlate events to rapidly assess each lead. As leads are evaluated by the operator, the machine learning algorithms are retrained to improve itself by learning from not only mistakes but also successes.  Once machine learning begins within a particular environment, defenses begin to evolve. What was once an approach available only to elite analysts, can now be scaled to the enterprise.

Click here for more information on our InfoSec World Conference & Expo in Orlando.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.