Page 34 - ADT NOVEMBER - DECEMBER 2022 Online Magazine
COLUMN
advanced persistent threats (APTs), cybercrime, policy misuse, insider threats, poor security practices, and environmental vulnerabilities. The activity aims to identify attacks that have slipped past your defensive shield.

COMPLYING WITH LEGISLATION

To be compliant, organisations must collect and store logs of all attempts to access the CII and of network connection attempts from both within and outside the CII. Organisations also need to collect and store firewall logs, DNS logs, web proxy logs, and NIDS/NIPS logs.

To complicate matters further, the logs must use a consistent time source, be protected against unauthorized access, and be stored for a minimum of 12 months. They must be governed by a log retention policy and have a log file structure that facilitates analysis. These logs must be handed to the CSA Commissioner upon request for threat monitoring, threat analysis, threat alerts, and threat response.

Singaporean CIIs have until July 4, 2024, to conduct their first threat hunt. After that, they must complete a threat-hunting exercise every 24 months. Any cybersecurity risks identified during the threat-hunting exercise must be included in cybersecurity risk assessments to ensure that found threats are assessed, mitigated, and tracked. Additionally, CIIs must investigate those threats to determine whether any incident took place in the past. If an incident is uncovered, the CIIO is responsible for leading the applicable incident reporting, response, and recovery plans.

THREAT HUNTING IN PRACTICE

While the concept of threat hunting seems reasonable, it is quite challenging to do in practice. Hunting across the disparate log data of various security technologies is difficult; this is why XDR vendors are able to offer a much more efficient basis for threat hunting. Collected endpoint data includes all network connections, file events, and registry events. This creates a rich hunting ground in which to identify hidden threats, risks, and vulnerabilities, and it empowers your team to proactively mitigate the risks that degrade your security posture.

However, even with access to this vast collection of data, it is still challenging to threat hunt effectively without a full-time team of threat intelligence experts, malware reverse engineers, hunters, and investigators. For this reason, cybersecurity vendors offer threat hunting/compromise assessment services. For example, some vendors provide expert hunters who leverage their proprietary hunting methodology and intelligence enrichment to hunt your global environment and deliver a prioritized roadmap of identified threats and risks, with mitigation guidance for every finding.

BENEFITS OF THREAT HUNTING

Threat hunting allows CIIs to get ahead of the latest threats by proactively searching for malicious activity. It helps to improve a CII's true risk posture and prevents cyber incidents from progressing into full-blown attacks. When threat-hunting activities are complete, they provide confidence and peace of mind to CIIOs, who no longer need to worry about latent threats hiding within the network.

STRENGTHENING YOUR SECURITY POSTURE

Threat hunting is an important element in building up a CII's security posture. However, for Singaporean organisations to comply with the directive, they need to ensure they have the right tools and processes in place to conduct the hunt. Otherwise, they may pass over a threat that is hiding in plain sight.
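The kind of cross-source hunt that the "Threat hunting in practice" section describes, joining file, registry and network telemetry from one endpoint, as an added example that is not part of the original column and not any vendor's product code. The sample events, field names, the Run-key and user-writable-path heuristics and the beacon-regularity test are all assumptions made for illustration. The example also shows why the directive's "consistent time source" requirement matters: each sensor emits a different timestamp convention, and nothing can be correlated until every event sits on one UTC timeline.

```python
"""Added example: a cross-source endpoint hunt over constructed telemetry.

Joins file, registry and network events by (host, pid) after normalising each
sensor's timestamp convention to UTC, then looks for the chain
"drop a binary in a user-writable path -> register it under a Run key ->
beacon to one destination at a regular interval". Sample data is constructed,
not real; field names are assumptions, not any vendor's schema.
"""
from collections import defaultdict
from datetime import datetime, timezone
from statistics import mean, pstdev

# --- constructed sample events: three "sensors", three timestamp styles ---
FILE_EVENTS = [
    # sensor A: ISO 8601 with a trailing Z
    {"ts": "2022-11-01T09:00:05Z", "host": "ws01", "pid": 4120, "action": "create",
     "path": "C:\\Users\\alice\\AppData\\Roaming\\svc.exe"},
    {"ts": "2022-11-01T09:00:07Z", "host": "ws01", "pid": 2210, "action": "create",
     "path": "C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\Cache\\f_0001"},
]
REGISTRY_EVENTS = [
    # sensor B: epoch seconds (1667293212 == 2022-11-01T09:00:12Z)
    {"ts": 1667293212, "host": "ws01", "pid": 4120,
     "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
     "value": "svc", "data": "C:\\Users\\alice\\AppData\\Roaming\\svc.exe"},
    {"ts": 1667293300, "host": "ws01", "pid": 880,
     "key": "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
     "value": "agent", "data": "C:\\Program Files\\Vendor\\agent.exe"},
]
NETWORK_EVENTS = [
    # sensor C: local time with a UTC offset (Singapore, +08:00)
    {"ts": "2022-11-01 17:00:30+08:00", "host": "ws01", "pid": 4120, "dst": "203.0.113.7:443"},
    {"ts": "2022-11-01 17:01:30+08:00", "host": "ws01", "pid": 4120, "dst": "203.0.113.7:443"},
    {"ts": "2022-11-01 17:02:30+08:00", "host": "ws01", "pid": 4120, "dst": "203.0.113.7:443"},
    {"ts": "2022-11-01 17:03:30+08:00", "host": "ws01", "pid": 4120, "dst": "203.0.113.7:443"},
    # browser noise: bursty, irregular, no persistence
    {"ts": "2022-11-01 17:00:11+08:00", "host": "ws01", "pid": 2210, "dst": "198.51.100.20:443"},
    {"ts": "2022-11-01 17:00:14+08:00", "host": "ws01", "pid": 2210, "dst": "198.51.100.20:443"},
    {"ts": "2022-11-01 17:02:49+08:00", "host": "ws01", "pid": 2210, "dst": "198.51.100.20:443"},
    {"ts": "2022-11-01 17:03:02+08:00", "host": "ws01", "pid": 2210, "dst": "198.51.100.21:443"},
]

# Assumed heuristics: paths an unprivileged user can write to, and the
# autostart key family (matches both Run and RunOnce).
USER_WRITABLE = ("\\AppData\\", "\\Temp\\", "\\ProgramData\\", "\\Users\\Public\\")
RUN_KEY_MARKER = "\\CurrentVersion\\Run"


def to_utc(ts):
    """Normalise a sensor timestamp to an aware UTC datetime.

    Accepts epoch seconds, ISO 8601 with 'Z', or ISO 8601 with an offset. A
    naive timestamp is rejected: without a known time source it cannot be
    placed on the same timeline as the other sensors' events.
    """
    if isinstance(ts, (int, float)):
        return datetime.fromtimestamp(ts, tz=timezone.utc)
    dt = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    if dt.tzinfo is None:
        raise ValueError(f"naive timestamp cannot be correlated: {ts!r}")
    return dt.astimezone(timezone.utc)


def beacon_interval(times, min_count=3, max_jitter_s=5.0):
    """Return the mean gap in seconds if `times` look like a regular beacon, else None."""
    if len(times) < min_count:
        return None
    times = sorted(times)
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    return mean(gaps) if pstdev(gaps) <= max_jitter_s else None


def hunt(file_events, registry_events, network_events, window_s=900):
    """One finding per process that dropped a file in a user-writable path,
    registered that same file under a Run key, and beacons to one destination
    at a regular interval, all within `window_s` seconds of the drop."""
    drops = defaultdict(dict)                       # (host, pid) -> {path: t_drop}
    persist = defaultdict(dict)                     # (host, pid) -> {data: t_persist}
    conns = defaultdict(lambda: defaultdict(list))  # (host, pid) -> {dst: [times]}
    for e in file_events:
        if e["action"] == "create" and any(m in e["path"] for m in USER_WRITABLE):
            drops[(e["host"], e["pid"])][e["path"]] = to_utc(e["ts"])
    for e in registry_events:
        if RUN_KEY_MARKER in e["key"]:
            persist[(e["host"], e["pid"])][e["data"]] = to_utc(e["ts"])
    for e in network_events:
        conns[(e["host"], e["pid"])][e["dst"]].append(to_utc(e["ts"]))

    findings = []
    for proc, dropped in drops.items():
        for path, t_drop in dropped.items():
            t_persist = persist[proc].get(path)
            if t_persist is None or not 0 <= (t_persist - t_drop).total_seconds() <= window_s:
                continue
            for dst, times in conns[proc].items():
                interval = beacon_interval(times)
                if interval and 0 <= (min(times) - t_drop).total_seconds() <= window_s:
                    findings.append({"host": proc[0], "pid": proc[1], "dropped": path,
                                     "dst": dst, "beacon_interval_s": interval,
                                     "first_seen_utc": t_drop.isoformat()})
    return findings


if __name__ == "__main__":
    for finding in hunt(FILE_EVENTS, REGISTRY_EVENTS, NETWORK_EVENTS):
        print(finding)
```

Run as-is, the hunt reports only pid 4120 (drop, Run-key persistence and a 60-second beacon to 203.0.113.7:443); the browser's bursty connections and the vendor agent's Run key under Program Files are left alone. The only join key is (host, pid), so the same logic works over any sensor set once its records carry a process identity and a timezone-aware timestamp.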
34 | NOVEMBER-DECEMBER 2022 WWW.GBP.COM.SG/ADT