The Future of Cybersecurity: The Best Defense is a Good Offense

Does it help you sleep thinking that your cyber team has a plan to respond after you’ve been hacked? It shouldn’t. Your organization may have used a “react-and-defend” approach to cybersecurity for years. But if you think this strategy is enough to protect your organization from a breach, you’re wrong.

Too many organizations wait to be notified that they’ve been breached. Yet with the increasing number and scale of cyberattacks—and the sophisticated techniques threat actors are using to mask their activities—the traditional approach of “building bigger fences” will no longer suffice.

The recent hack of Equifax has posed one of the most significant risks to personally sensitive information in years, potentially exposing data for as many as 143 million Americans, according to the New York Times. High-profile, large-scale breaches like the one at Equifax serve as reminders that a defensive cyber approach is no longer sufficient.

In today’s unpredictable environment, filled with rapidly evolving threat actors and emerging technologies, the only way organizations can protect themselves is by unleashing offensive cyber techniques to uncover advanced adversaries on their networks. The most effective approach—Threat hunting—is essential to any organization that wants to stop and prevent attacks in its networks.

Advanced adversaries live in the noise of networks and defeat reactive, rule-based cybersecurity defenses by constantly developing malicious tactics, techniques, and procedures (TTPs). These developments—such as polymorphic and obfuscated malware, dynamic infrastructure, file-less malware, and hijacking legitimate operating system functions—all evade traditional defenses. 

In working with clients on hunt engagements, Booz Allen found an average dwell time—that is, the time an advanced adversary lies undetected in a victim’s network—of 200-250 days before discovery. Threat hunting involves actively searching for compromises before alarm bells go off, carefully combing through networks and datasets to discover hidden threats. By regularly evaluating their networks for threat activity, organizations can catch attacks in progress—before it’s too late.

This proactive approach relies on sophisticated tools and tradecraft, such as automation, threat intelligence, threat analytics, and artificial intelligence, to gather and analyze huge reams of data. These tools can identify and mitigate threats at machine speed using customized delivery models.

But not all threats can be detected with automated tools alone. These tools must be paired with trained threat analysts who have a deep understanding of their operating environment and an ability to ask the right questions. Threat analysts can make sense of complex data, develop hunting hypotheses, and test these hypotheses to better identify hidden threats.

Even with trained analysts using the right tools, ad-hoc hunting isn’t enough—it must be standardized and measured. Threat hunting requires implementing a repeatable process that’s part and parcel of an organization’s overarching security strategy. Fusing Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) tools intelligently can help to streamline this process.

At Booz Allen, we spent the last decade refining our tradecraft and assembling teams of analysts who can think like the enemy and know how to identify warning signs. Our analysts specialize in global malware hunt operations, anti-malware research, and development of APT countermeasures, and use measurable processes to strengthen network defenses and identify adversary activity.

Incidents like the Equifax hack don’t have to be inevitable. Organizations need to take steps now to improve their security posture before the next attack hits. Three elements—analytical tools, talented threat analysts, and a standardized hunt process embedded in a broader security strategy—can be the key to knowing your organization is protected.

With Threat Hunting, you can sleep well at night—or at least a little better.