Admit it. You've blindly thrown the IoCs from a public threat intelligence report into a blocklist; it's a common reactive defense we've all used. But what happens when attackers abandon those IoCs? Does this reactive method stay effective, or does it just produce more false positives, leading to even more alert fatigue?
Cybersecurity in the 2020s and beyond needs to be more proactive. While blocklists are still useful, not all cyber threat intelligence may be useful against the unique threats Taiwanese enterprises face. Thankfully, the technology to run an effective automated proactive defense against tomorrow’s threats exists today.
Through real-world financial fraud case studies, I will demonstrate not only the benefits of automated threat hunting but also why it is crucial in operating an effective, modern, proactive defense.
Automated threat hunting increases situational awareness at the network layer, a necessity when defending enterprises with hundreds or thousands of devices and network connections. SOC analysts no longer need to spend excessive amounts of time investigating each and every connection to an unknown domain. Instead, automated threat hunting rapidly surfaces potentially relevant threats, such as malicious domains, from the vast raw telemetry collected during the hunting process, creating an efficient and effective proactive defense.
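To make the contrast concrete, the following is an added illustration (not code from the talk, from CyCraft, or from any product) of the difference between matching connections against a fixed IoC blocklist and automatically ranking unknown destinations by weak signals such as prevalence across hosts and domain-label entropy. Every hostname, domain, blocklist entry and threshold below is constructed for the example.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed sample connection records (source host, destination domain).
# Not real telemetry; chosen so one popular domain, one internal update
# server, one published IoC and one DGA-looking name all appear.
SAMPLE_EVENTS = [
    ("ws-001", "update.example-corp.internal"),
    ("ws-002", "update.example-corp.internal"),
    ("ws-003", "update.example-corp.internal"),
    ("ws-001", "cdn.example.com"),
    ("ws-002", "cdn.example.com"),
    ("ws-004", "cdn.example.com"),
    ("ws-005", "cdn.example.com"),
    ("ws-003", "evil-ioc.example.net"),      # hypothetical IoC from a public report
    ("ws-004", "x7k2q9v1m3p8.example.org"),  # constructed DGA-looking name, on no blocklist
    ("ws-005", "mail.example.com"),
]

# Constructed blocklist, as if copied from a public report. Note that
# "old-c2.example.org" never appears in the events: an abandoned IoC.
BLOCKLIST = {"evil-ioc.example.net", "old-c2.example.org"}

# Constructed allowlist of destinations the enterprise has already vetted.
KNOWN_GOOD = {"cdn.example.com", "mail.example.com"}


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of the string (0.0 for empty input)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def blocklist_hits(events, blocklist):
    """Reactive defense: return the (host, domain) pairs that match the IoC list."""
    return [e for e in events if e[1] in blocklist]


def hunt_candidates(events, known_good, blocklist, max_hosts=2, entropy_threshold=3.0):
    """Proactive hunt: rank domains that are on neither list by weak signals.

    Returns a list of (score, domain, sorted hosts, reasons), highest score first.
    Thresholds are assumptions for this example, not tuned values.
    """
    hosts_by_domain = defaultdict(set)
    for host, domain in events:
        hosts_by_domain[domain].add(host)

    candidates = []
    for domain, hosts in hosts_by_domain.items():
        if domain in known_good or domain in blocklist:
            continue  # already handled by allowlist or blocklist
        score, reasons = 0, []
        # Signal 1: low prevalence. A destination only one or two hosts talk to
        # deserves more attention than one the whole fleet uses.
        if len(hosts) <= max_hosts:
            score += 1
            reasons.append(f"rare: seen on {len(hosts)} host(s)")
        # Signal 2: high-entropy leftmost label, typical of generated names.
        label = domain.split(".")[0]
        ent = shannon_entropy(label)
        if ent >= entropy_threshold:
            score += 1
            reasons.append(f"high-entropy label ({ent:.2f} bits)")
        # Signal 3: long label mixing letters and digits.
        if len(label) >= 10 and re.search(r"\d", label) and re.search(r"[a-z]", label):
            score += 1
            reasons.append("long mixed alphanumeric label")
        if score:
            candidates.append((score, domain, sorted(hosts), reasons))

    candidates.sort(key=lambda c: (-c[0], c[1]))
    return candidates


if __name__ == "__main__":
    print("blocklist hits:", blocklist_hits(SAMPLE_EVENTS, BLOCKLIST))
    for score, domain, hosts, reasons in hunt_candidates(SAMPLE_EVENTS, KNOWN_GOOD, BLOCKLIST):
        print(f"score {score}: {domain} from {hosts}; {'; '.join(reasons)}")
```

The blocklist catches only the one connection that matches a published indicator, and the stale entry contributes nothing. The hunt, by contrast, leaves the internal update server alone because three hosts use it, ignores the allowlisted domains, and surfaces the single-host, high-entropy destination that no report has named yet, which is the kind of candidate an analyst would otherwise only find by reading every unknown-domain connection by hand.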
In the coming decades, enterprises with effective proactive defense capabilities will become far more resilient to cyber attacks than those that don't evolve. Automated threat hunting provides SOCs with the fast, accurate, relevant, and contextual intelligence necessary to power a proactive defense capable of fighting modern cyber threats, and winning.
Dange Lin (Tien-Chih Lin) is a cyber security researcher at CyCraft. He earned his master's degree in Computer and Communication Engineering from National Cheng Kung University (NCKU). He currently focuses on threat intelligence, machine learning, incident response, and APT research. He has spoken at various training sessions for students and has given technical presentations at conferences such as the Taiwan Incident Response Conference and the European Conference on Cyber Warfare and Security.