Businesses Can’t Stop What They’re Unable To See
Organizations need to understand every process, network connection and system change inside their environment, and should be able to index and search events with threat intelligence and updated information about indicators of compromise, according to CrowdStrike CTO Michael Sentonas. But visibility comes first, Sentonas said, since businesses can’t stop what they’re unable to see.
Specifically, Sentonas said every device inside an organization’s network should be instrumented to get the necessary telemetry to determine if something is malicious or out of the ordinary. From there, Sentonas said runtime security is vital to stop malicious code execution, while attack surface minimization will play a key role in reducing the opportunity for an adversary to get on the network.
From an intelligence standpoint, Sentonas said businesses should know what techniques adversaries are most likely to use and go hunt for them, while managed threat hunting services are available to companies that don’t have the skills to do it themselves. Threat hunting requires hiring and training specialists as well as having the ability to orchestrate staff to search around the clock for potential attackers.