Could Your Data Center Use A Threat Hunter?
The best defense is a good offense.
It’s no secret that cybersecurity attacks can be devastating to both data centers and the businesses they support. The very idea of a breach is enough to make security analysts break out in a cold sweat, and with good reason. Indeed, data breaches in the United States increased by 40% last year, highlighting that this epidemic is as widespread as it is serious.
Equally troubling, however, is that over two-thirds of businesses are notified of these attacks by a third party. This means businesses are not discovering data center breaches on their own, and instead must rely on others to tell them they have been compromised.
Needless to say, this approach means more time will elapse during a breach, leaving the business vulnerable for longer, with the costs difficult to comprehend, let alone estimate.
The key to tackling data center breaches is to realize that neither prevention nor incident response is, on its own, a sufficient security strategy. The number of data breaches will likely go up again because the volume of sensitive data being collected is also increasing. The value of a breach means that attacks are becoming not only more regular, but also more sophisticated.
How then can smart data center operators tackle this issue? Well, to turn to an often-used idiom: attack is the best form of defense. Being proactive, sniffing out threats, and improving detection and response times are vital in the ongoing fight against data breaches. A mix of prevention and response is the ideal strategy.
To ensure this, data centers should turn to a specialist — someone who can think like a criminal, but use this insight for good, rather than nefarious means. This is a role colloquially known as a “threat hunter.” And it’s something to consider if you’re serious about protecting your data center and its valuable contents.
A threat hunter does more than just sound cool (though they definitely do that) — they look for any exploitable chinks in the armor of a data center. By actually thinking like a criminal and adopting an “attacker mentality,” threat hunters can identify signs of weakness and follow them to a logical conclusion.
Another way of describing a threat hunter is a dedicated internal penetration tester, as opposed to a third-party, or external, penetration tester. This proactivity helps you stay one step ahead of the cybercriminal, with the threat hunter identifying any potential problems before a criminal can actually act on them.
More and more businesses are looking to dedicate resources to ensuring a threat hunter is on their side. While the role of the threat hunter is yet to go truly mainstream, I believe we’re starting to see that change as data breaches become even more rampant and businesses’ hands are forced, opting for a strategy that helps tackle a problem before it potentially costs them millions.
In 2014, a security confidence survey by SolarWinds found that 84% of respondents reported their organizations had experienced an attack, with 35% reporting that it took at least one month to discover the breach. This illustrates the importance of a sound data center security strategy, and why the threat hunter is set to play an even greater role in your data center.
FINDING YOUR THREAT HUNTER
What should you look for in a threat hunter? You need someone with a wide range of experience. The more a person knows about the applications, servers, your data center employees, networks, and security methodologies — endpoint protection, data breach prevention, firewalls, security information and event management (SIEM), patch management, etc. — the better. If said person doesn’t know each of the multiple components involved in an attack, then they are not the threat hunter you are looking for.
This means it can be a real challenge for organizations looking for a threat hunter, as finding the right person, with the vast skillset needed to do the job, isn’t easy. The threat hunter is also not usually a viable option for an SMB, whose limited budgets wouldn’t allow for this advanced capability.
That said, large organizations would certainly find the recruitment worth the time, as once you find the right person for the job, the benefits are plentiful.
If a business can identify data center attack vectors before they are leveraged by cybercriminals, instead of after the fact, it can prevent real damage and better prepare for future attacks. While it comes down to a business-by-business decision, a dedicated threat hunter combined with a more traditional defense-in-depth security strategy may be something to consider to help ensure the security of your data center.