Cyber Defense eMagazine March Edition for 2022

1. Look for and minimize attack surfaces
Conduct external and internal attack surface assessments to find ways for the attack malware to breach.
Look for signs that those surfaces were exploited. Then work to close those holes.
2. Deploy AI-based detection and response
You need to use AI to combat AI, but not just any AI. Security tools that employ broad-based AI will not
find the signs of stealthy activity or APTs. Purpose-built AI models designed to identify very specific
behaviors are needed, such as looking for enormous amounts of abnormal DNS requests going to
malicious domains or finding short periods of bursty HTTPs traffic during off hours; both are indications
of data exfiltration.
3. Improve security system synergy
All security products have a sphere of influence covering their own security domain. But the domains do
not overlap causing gaps that AI-enabled APTs can exploit. Having security products share data realtime
and coordinate responses can close those gaps.
4. Augment security operations and resources by using security services
Face it, you do not have enough time, staff, or resources to go into threat hunting mode. And if you are
breached and under attack, can you really do incident response (IR)? Even the security teams in the
largest organizations are resource limited. Leverage your VAR or security vendor to provide resources
to backfill your team, help conduct assessments and IR, and do managed detection and response. Think
of it as a home security monitoring service available 24 hours a day; that is there when the breach occurs
during off-hours.
Cyber Defense eMagazine – March 2022 Edition 87
Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.