A Review of the Cyber Security Industry Developing Over 15 Years of Business
James “Jim” McMurray, CEO / Founder, Milton Security, Inc.
No one can argue that cyber security is what it was fifteen years ago. There are countless trends and organizations that we've seen come and go over the last decade and a half, but the most interesting are the evolution of the industry and the rise of Dynamic Threat Hunting (DTH). We will learn exactly what dynamic threat hunting is and how it differs from the rest of the industry, but first, it is helpful to provide some background on how we reached this point.
Fight your Trojan
In Greek mythology, the Trojan War took place between the Greeks and the people of Troy in the 13th or 12th century BC. We won't go into the events of the war, which are irrelevant here; all we need to know is that an important person was abducted (ever seen the movie Taken? Yes, that's the idea). The Greeks fought for some time, trying desperately to find a weakness in the city's defenses ... until one day, they gave up.
Suppose, for this exercise, that your company is the city of Troy. No, you have not kidnapped anyone and you have not wronged anyone; you are just doing your job, trying to succeed as a state. You have been called upon to assemble a team to defend the city. There is a huge wall around the city, and outside that wall lies everything that threatens your livelihood.
As commander of Troy’s army, how do you defend the city?
Protect Troy with a Static Security Operations Center
You decide to place sentries on top of the city wall so they can see for miles. Your instructions clearly state that they must report anything and everything they see. You sit back and wait, and almost immediately a messenger knocks on the door. They enter and tell you that Jane was planting flowers in the city garden.
Okay, that’s great, but not exactly what you had in mind.
There is another knock on the door as the messenger leaves. Another messenger tells you that someone is approaching the wall on horseback. Great. This is the kind of information you were looking for. You tell the messenger to find out more and report back.
There are so many messengers knocking on your door that it seems it will never end. Most of the reports are trivial at best: the daily work going on inside the wall.
So much information is coming in that you are completely overwhelmed trying to figure out which of it is relevant to your risk profile as a threat and which is just normal daily activity.
Thus the Static Security Operations Center was born: a place where all network data is funneled without a clear picture of what is happening. Who was the person on the horse? Did they keep moving, or turn and go in a different direction? Were they carrying anything that could be considered a threat? Without that context, you cannot tell.
Companies that created a static SOC quickly became overloaded with data and no context. So, you decide to tune your instructions to the messengers and tell them to report only what is happening outside the walls.
Protecting Troy with a context-driven security operations center
The next day, the line of messengers is much shorter. It's a good start, until the messengers begin to enter and report their observations.
Every one of them has a seemingly scary message. There are groups gathered outside the walls. Each group has a clear leader, and it looks like they are planning something. Each leader is talking to their group, pointing at the city, drawing on a piece of parchment, perhaps a map, and scratching things in the dirt.
As the days go by, the messengers keep coming, and every one gives the same report. You hear the same thing over and over again without any additional information to help you decide what you should do about these groups gathered outside the city.
This is where security tools and platforms emerge that help provide context around all the network data flooding in. Companies are starting to paint a better picture: maybe there is something we need to pay attention to. And, just like the messengers, the tools now warn about everything as far as the eye can see. You start to worry that the groups really are planning something, or worse, that something has already gotten past the defenses.
It makes a lot of sense to start looking again for suspicious activity within the walls: not all activity, but anything that looks suspicious. And perhaps, while you're at it, to equip the sentries with some armor and weapons to help protect against a potential breach.
Defending Troy with Managed Detection and Response (MDR)
The next day you give your sentries new instructions and verify that supplies have been provided to help protect Troy. The messengers start coming in and inform you that sometime during the night, wood and nails were delivered to the groups outside the city. You're not sure what the materials are for or who provided them, but the groups have obviously started working together.
Occasionally a group of people on horseback approaches the wall, and the sentries shoot arrows to repel the threat. The messengers report this activity every time an arrow is shot. It looks like everything is working. You are successfully defending the city and resisting threats.
Managed Detection and Response is where the cyber security industry has sat, stagnant, for quite some time, but imagine this same process going on year after year. The same incidents are reported repeatedly. More wood and nails are supplied every day. People try to break through the gate but are stopped by your defenses. Over and over it goes. This is alert fatigue, and what we've noticed is that eventually your team gets tired of paying attention to the details. From the outside, the city looks completely safe and there is no need to worry.
Then one morning the outsiders are gone. Just like that, they have all disappeared, and only a wooden horse is parked outside the gate with a note that reads: "A gift for you."
What do you do?
Protect Troy with Dynamic Threat Hunting (DTH)
At this point, we all know the story. The city rejoices and the gift is brought inside, where the unsuspecting city of Troy falls to its opponent.
Wouldn't it be nice to have known that the local sawmill workers had been working overtime for the last 10 years, producing more wood than the city needs? Or that the blacksmith spent his spare time making millions of nails and tools?
Wouldn't it be great to have seen the meetings between people inside the city and the leaders of the external threat groups in the dark of night, as they came up with a creative plan to get past the defenses?
Not every breach has an insider threat element, but sometimes people, processes and technology make the attacker's goal a simple one. Like giving everyone local administrator rights on their own computer, so that when a link in a phishing email is clicked, the attacker now has complete control over that machine.
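The local-administrator problem above is one a threat hunter can check for directly rather than wait to see exploited. The following is an added example, not code from the article or from Milton Security: it parses the output of `net localgroup Administrators` as captured from several Windows workstations and flags grants that hand admin rights to every user, or to the workstation's own primary user. The host names, user names, captured output and the lists of "broad" and "expected" groups are constructed assumptions for the example.

```python
"""
Audit of local Administrators group membership across workstations.
Added example (not from the original article or from Milton Security).
All host names, users and captured command output below are constructed
sample data; BROAD_GROUPS and EXPECTED_ADMINS are assumed site policy.
"""
import re

# Groups that, if present, effectively grant local admin to everyone (assumption).
BROAD_GROUPS = {"everyone", "authenticated users", "domain users", "users"}
# Accounts expected to hold local admin on every workstation (assumption).
EXPECTED_ADMINS = {"administrator", "corp\\domain admins", "corp\\workstation admins"}

# Constructed sample: {host: (primary user, captured `net localgroup Administrators` output)}
SAMPLE_HOSTS = {
    "WS-0101": ("CORP\\alice", """Alias name     Administrators
Comment        Administrators have complete and unrestricted access

Members

-------------------------------------------------------------------------------
Administrator
CORP\\Domain Admins
CORP\\alice
The command completed successfully.
"""),
    "WS-0102": ("CORP\\bob", """Alias name     Administrators
Comment        Administrators have complete and unrestricted access

Members

-------------------------------------------------------------------------------
Administrator
CORP\\Domain Admins
CORP\\Domain Users
The command completed successfully.
"""),
    "WS-0103": ("CORP\\carol", """Alias name     Administrators
Comment        Administrators have complete and unrestricted access

Members

-------------------------------------------------------------------------------
Administrator
CORP\\Domain Admins
CORP\\Workstation Admins
The command completed successfully.
"""),
}


def parse_members(output):
    """Return the member names listed between the dashed separator and the trailer line."""
    members = []
    in_members = False
    for line in output.splitlines():
        if re.fullmatch(r"-{5,}", line.strip()):
            in_members = True          # everything after the dashes is a member
            continue
        if not in_members:
            continue
        if line.startswith("The command completed"):
            break                      # trailer printed by net.exe
        if line.strip():
            members.append(line.strip())
    return members


def audit_host(host, primary_user, output):
    """Return (host, member, reason) findings for one host's Administrators group."""
    findings = []
    for member in parse_members(output):
        key = member.lower()
        short = key.split("\\")[-1]    # drop the DOMAIN\ prefix for group matching
        if short in BROAD_GROUPS:
            findings.append((host, member, "broad group grants admin to everyone"))
        elif key == primary_user.lower():
            findings.append((host, member, "workstation user is a local admin"))
        elif key not in EXPECTED_ADMINS:
            findings.append((host, member, "unexpected local admin"))
    return findings


def audit_all(hosts=SAMPLE_HOSTS):
    """Run the audit over every host and return the combined findings."""
    findings = []
    for host, (user, output) in hosts.items():
        findings.extend(audit_host(host, user, output))
    return findings


if __name__ == "__main__":
    for host, member, reason in audit_all():
        print(f"{host}: {member}: {reason}")
```

On the constructed data the audit reports WS-0101 (the user is admin on her own machine, which is exactly the phishing-click scenario) and WS-0102 (Domain Users in the local Administrators group, which makes every domain account an admin there); WS-0103 holds only the expected accounts and produces nothing. Feeding it real captures is a matter of replacing SAMPLE_HOSTS with the output collected from your endpoints.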
Dynamic Threat Hunting is when you combine the wire speed of AI and ML with the creative understanding of human threat hunters to provide an intelligent, context-aware and timely security operation that not only collects and analyzes data but actually thinks like an attacker, looking beyond data, alerts and events.
For a trained threat hunter, a simple daily event can be the key that turns a scouting session into a deep hunt. Combine this with the speed at which machines process messaging and telemetry about what is happening in the world and in your network, and a crystal-clear picture can emerge. From there, you have the ability to repel the attack and protect your organization before it happens.
Protecting Troy, like protecting your organization, is an important task and will not be accomplished by any tool or platform alone. Likewise, you can't just throw a lot of bodies at the problem to solve it. The two must work together to carry out dynamic threat hunting successfully.
Setting up a Dynamic Threat Hunting team is not an easy task; looking through all the noise to find the needle in the haystack is hard, but Milton Security has been doing it for the last 15 years. We were the first Dynamic Threat Hunting provider, and we are still the leader after all this time.
About the author
James “Jim” McMurray is the founder and CEO of Milton Security, a major contributor to Dynamic Threat Hunting. With over 30 years of combined experience in security, information technology, telecommunications, networking, management and software development, James founded Milton Security to bring exceptional network security within the reach of all organizations.
Prior to launching Milton Security in 2007, he worked with a wide spectrum of companies ranging from startups to Fortune 1000 in and around the Bay Area. He has also proudly served as a member of the US Coast Guard at USCGC Taney and USCGC Morgenthau.
McMurray has a passion for bourbon and a deep hatred for beets. He openly shares both with everyone.
For more information on Milton Security, please see https://miltonsecurity.com; to learn more about James, follow him on LinkedIn, Instagram and Twitter.