Admit it. You’ve blindly thrown the IoCs from a public threat intelligence report into a blocklist; it’s a common reactive defense method we’ve all used. But what happens when attackers abandon those IoCs? Will this reactive defense method still be effective, or does it create more false positives, leading to even more alert fatigue?
Cybersecurity in the 2020s and beyond needs to be more proactive. While blocklists are still useful, not all cyber threat intelligence may be useful against the unique threats Taiwanese enterprises face. Thankfully, the technology to run an effective automated proactive defense against tomorrow’s threats exists today.
Through real-world financial fraud case studies, I will demonstrate not only the benefits of automated threat hunting but also why it is crucial in operating an effective, modern, proactive defense.
Automated threat hunting increases situational awareness on the network layer—a necessity when defending enterprises with hundreds or thousands of devices and network connections. SOC analysts no longer need to spend excessive amounts of time investigating each and every connection or interaction with an unknown domain. Instead, automated threat hunting rapidly identifies potentially relevant threats, such as malicious domains, out of the vast raw intelligence collected during the threat hunting process, creating an efficient and effective proactive defense.
In the coming decades, enterprises with effective proactive defense capabilities will become far more resilient to cyber attacks than those that don’t evolve. Automated threat hunting provides SOCs with the fast, accurate, relevant, and contextual intelligence necessary to power an effective proactive defense capable of fighting modern cyber threats—and winning.
Dange Lin is a cybersecurity researcher at CyCraft Technology and focuses on automotive security, cloud security, machine learning, and threat intelligence analysis. He is currently responsible for cybersecurity for MIH Working Groups. He has delivered speeches at various seminars including HITCON, MOPCON, and CYBERSEC.