The Five Core Components of Proactive Cybersecurity

In 2016 the cyber landscape reached new heights with advanced attack methods, increased levels of sophistication and escalated frequency of adversary activity. As technically astute and often well-funded hackers continue to deploy new, constantly evolving techniques, organizations too often focus their efforts on detecting known threats, or Indicators of Compromise (IoCs). This reactive approach doesn't account for mutating or unknown malware, living-off-the-land techniques or new variants being deployed.

As hackers become more innovative, so must organizations' capabilities to protect their networks with next-generation, proactive approaches to prevention, detection and response, and remediation.

There are five core components to effective endpoint cybersecurity on all of these fronts:

  1. Proactive detection and response – As noted, security methods that focus on IoCs are no longer enough to address today’s advanced threats. By the time an IoC, such as a known-malware signature, is detected, the probability that the organization has been compromised is high. Instead, it’s crucial for organizations to shift to proactive cybersecurity techniques focusing on Indicators of Attack (IoAs) that identify adversary behavior, such as code execution or lateral movement. This enables organizations to prevent, detect, and respond to both known and unknown attacks.
  2. Prevention and actionable threat intelligence – In order for cybersecurity to be effective, organizations need to understand not only where the adversary is today, but where it has been, what its objectives are and what it is capable of. By integrating threat intelligence into detection and response, organizations gain a better understanding of the risks they face and can ultimately build stronger, more resilient defenses.
  3. Machine learning – Machine learning gathers and analyzes the breadth of businesses’ security-related data, including threat intelligence and reliable indicators. With accurate data input, machine learning can identify IoAs faster, supporting threat prevention with speed and scalability.
  4. Managed hunting teams – As long as there are humans behind hacks, we must have the power of humans behind our defenses. Managed hunting teams act as human enforcers, proactively patrolling the network for any anomalies or issues. This extra layer of human protection augments and enhances automated detection capabilities.
  5. Cloud-based endpoint security – Cloud-based endpoint protection technology enables organizations to scale whenever needed and offers a unique and distinct advantage in delivering speed, efficacy and response capacity. Today, enterprises are increasingly distributed and have to manage a sprawl of endpoint devices with growing mobile workforces. To that end, many CISOs struggle to provide full security coverage to all users, all the time, whether they are on or off the network.
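To make the IoC-versus-IoA distinction in item 1 concrete, here is an added example (not code from the article or from CrowdStrike) that runs both kinds of check over a small, constructed set of endpoint process events: the hash blocklist misses a binary it has never seen, while a behavioural rule for "Office application spawns an encoded shell, which then launches a remote-execution tool" still fires. Event fields, hash values and tool lists are assumptions chosen for the illustration.

```python
"""IoC (hash match) vs IoA (behaviour chain) over constructed endpoint events."""
from collections import defaultdict

# Constructed telemetry: one host shows a document-to-shell-to-lateral chain,
# the other shows benign activity. Hash values are placeholders, not real IoCs.
EVENTS = [
    {"host": "ws1", "t": 1, "parent": "winword.exe", "proc": "powershell.exe",
     "sha256": "constructed-hash-1", "args": "-enc <base64>"},
    {"host": "ws1", "t": 2, "parent": "powershell.exe", "proc": "net.exe",
     "sha256": "constructed-hash-2", "args": "use \\\\srv1\\admin$"},
    {"host": "ws2", "t": 3, "parent": "explorer.exe", "proc": "notepad.exe",
     "sha256": "constructed-hash-3", "args": ""},
]

# IoC: a static blocklist; none of the sample hashes are in it, so it is blind here.
KNOWN_BAD_HASHES = {"constructed-hash-known-bad"}

# IoA: process-behaviour vocabulary (assumed lists for the example).
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "cmd.exe"}
REMOTE_TOOLS = {"net.exe", "psexec.exe", "wmic.exe"}


def ioc_matches(events):
    """Signature-style check: fires only on hashes already known to be bad."""
    return [e for e in events if e["sha256"] in KNOWN_BAD_HASHES]


def ioa_matches(events):
    """Behaviour check: per host, an Office app spawning an encoded shell,
    followed by that shell launching a remote-execution tool (lateral movement)."""
    by_host = defaultdict(list)
    for e in sorted(events, key=lambda e: e["t"]):
        by_host[e["host"]].append(e)
    hits = []
    for host, evs in by_host.items():
        stage = 0  # 0 = nothing seen, 1 = encoded shell spawned from Office
        for e in evs:
            if stage == 0 and e["parent"] in OFFICE_APPS \
                    and e["proc"] in SHELLS and "-enc" in e["args"]:
                stage = 1
            elif stage == 1 and e["parent"] in SHELLS and e["proc"] in REMOTE_TOOLS:
                hits.append((host, "office->encoded-shell->remote-tool"))
                break
    return hits


if __name__ == "__main__":
    print("IoC hits:", ioc_matches(EVENTS))   # empty: unknown hashes
    print("IoA hits:", ioa_matches(EVENTS))   # ws1 flagged by behaviour
```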

The cloud enables the collection and analysis of billions of security events in real time that sharpens machine learning algorithms, IoA-based prevention, and detection and response capabilities. Ultimately, this leads to faster, more agile and more comprehensive defenses.

In order to stay ahead of today’s skilled hackers and evolving techniques, organizations must shift their cybersecurity approach to focus on these proactive methods – from IoAs and cloud-based endpoint security to machine learning and managed hunting teams. By unifying these crucial elements, organizations will have a significant advantage over the adversaries that target them.

About the Author

Amol Kulkarni is a seasoned engineering executive with extensive experience building large-scale big data enterprise cloud platforms, consumer cloud services and enterprise products while knitting together world class, high performing global engineering teams. Amol is currently the Vice President of Engineering for CrowdStrike, overseeing the company’s engineering organization and customer facing technology infrastructure. Prior to joining CrowdStrike, Amol held numerous senior positions at Microsoft. Most recently, he was responsible for the knowledge platform in Bing that’s driving significant gains for Bing’s U.S. search market share. Amol also held senior roles in Windows Azure and BizTalk Server, helping reduce COGs and improve developer productivity.

Edited by Alicia Young
