External Threat Hunting & Active Defense
Episode Synopsis
In episode 39 of the Cyber5, we are joined by Shannon Lietz, Director of Adversary Management & Threat Intelligence at Intuit. Shannon discusses external threat hunting and an enterprise practitioner's perspective on active defense.

Here are the 5 Topics We Cover in This Episode:

1. Defining Active Defense and External Threat Hunting (01:34-02:51): We start with a proper definition of active defense and external threat hunting. Both terms are often misunderstood; an appropriate definition is a deep understanding of adversaries and of the company's capabilities to defend, viewed from outside the firewall looking in.

2. Industry Trends versus Organizational Realities (02:51-04:30): When discussing intelligence gained from external threat hunting, practitioners should recognize the difference between what is happening across the industry and what is happening within their own organization. Advice: enterprises should focus on discerning threat intelligence and making it relevant to the organization through the lens of DevSecOps, building resilience by prioritizing who is going to attack a given business function or application and matching that with attack emulation.

3. Determining Urgency and Response Speed (04:30-07:55): To apply this to use cases, it is critical to understand the ideal state of security within different functions, such as (but not limited to) email security and fraud. The ability to decrease attacker dwell time and respond through meticulous log aggregation and analysis is important and needs to be understood at scale. For example, if one out of 250 emails is malicious but the amount of malicious web traffic hitting critical business applications is exponentially higher, a greater rate of speed and automation is critical.

4. Prioritizing What Requires Attention (07:55-10:40): Large enterprises have thousands of applications, and no one is going to have situational awareness of all of them. Therefore, security teams need to prioritize threat models, define a target-state metric beyond compliance, and identify legitimate attacker traffic.

5. Measuring the Ability to Secure Your Business (10:40-15:49): Finally, "securability" is a critical metric that looks at an organization's attack surface and is defined in three parts:
   - Attack resilience: the risks an organization takes that allow adversary opportunity.
   - Controls escapes: the controls in place to address that opportunity.
   - Adversary dwell time: the resources and time it takes attackers to convert the opportunity.