Despite recent advances in Artificial Intelligence, attackers are human and the best way to counter a human attacker is with a human defender. Today’s advanced adversaries are extremely skilled and they understand the inner workings of traditional defenses. This, coupled with their unwavering persistence, means they routinely bypass an organization’s protective measures as those measures rely on attempting to identify the malware being deployed. When you consider that only 40 per cent of advanced attacks stem from malware, it’s easy to see why attackers are able penetrate defenses time after time.
Steve Jobs once framed his approach this way: “It is in Apple’s DNA that technology alone is not enough—it’s technology married with liberal arts, married with the humanities, that yields us the results that make our heart sing." He was right. The best, most comprehensive solutions usually represent a marriage of technology and the humanities.
This also holds true for threat hunting. Our adversaries are humans just like you and I and when these adversaries operate on your systems, they leave a trail that only a human can detect. You will need a human to understand what actions they take in the OS (chokepoints), and to read the breadcrumbs they leave on and across systems (patterns and anomalies).
So as you move your budget to more detection, monitoring, response and intelligence you need to shift your teams’ skill base accordingly. It's no easy task since this means hiring forensic analysts, incident analysts and responders, malware analysts, threat hunters, and intelligence analysts to name a few. These resources are difficult to recruit, expensive to retain and most organizations will be hard-pressed to identify the real experts from those who just have the word security in their title.
At LMNTRIX, we have recruited some of the best minds in the security industry to help protect our clients and assist our MSSP partners. This involves the proactive, stealthy, and methodical pursuit and eviction of adversaries inside your network without relying on IOCs. Our team of expert intrusion analysts and threat hunters monitor your networks and endpoints 24x7, using the most up-to-date intelligence and tactics to identify compromises and run deep analysis to confirm potential attacks.