Page 103 - Cyber Warnings
For Security Threat Hunters: Threat hunters must be able to investigate and respond to
incidents and suspicious events on their network that are linked to external threats.

Most hunters today are plagued by floods of false positives and must sift through the
inconsequential to find meaningful threats.

Having up-to-the-minute, comprehensive knowledge of external threats hastens investigations
and the process of triaging incidents and events.


For the Security Operations Center (SOC): While threat hunters may be proactively tracking
down clues about internal security issues, the SOC team needs to quickly respond to problems
prompted by the SIEM or individual security components.

Again, a surfeit of false positives is a major obstacle, and differentiating between the significant
and insignificant is time-consuming and problematic. SOC teams can only assess a fraction of
security alerts, and they could easily miss an important security event in alerts they are not able
to review.

The cybersecurity executive order is a great first step in shoring up the nation's digital
infrastructure and protecting against modern threats. But fulfilling its requirements goes beyond
the firewall.

Protecting government networks requires the ability to discover and monitor assets across all
channels, including application stores and portals, social media properties, DNS changes,
and web content or destinations.



About the Author

Elias (Lou) Manousos is a recognized expert in internet security and fraud
prevention. He has been developing and delivering enterprise protection
technologies for more than 15 years. As CEO of RiskIQ, he has spearheaded
a new approach that helps internet, financial services, healthcare, media and
consumer packaged goods companies protect their brands from online fraud.
He is also co-chair of the Online Trust Alliance (OTA) Anti-Malvertising
Working Group and is responsible for Malvertisements.com, the first and only public database
documenting malvertising incidents on a continuous basis. Prior to RiskIQ, Elias was VP of R&D
at Securant Technologies (acquired by RSA), which pioneered identity and access management
for web applications. At Securant, he was instrumental in creating now-commonplace
technologies for single sign-on (SSO) security.







103 Cyber Warnings E-Magazine – June 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide