Integrating Threat Hunting in Your Multi-Layered Defense Strategy

As CIOs and CISOs know well, cybersecurity threats don't take time off. Today, IT and security leaders are navigating budget, staffing and technology challenges, while managing and implementing effective, efficient and proactive network security strategies. Advanced threats take up valuable time and manpower for IT and security teams, but a well-crafted threat hunting and threat intelligence program is an important component of multi-layered defense models. So, what can CIOs and CISOs do to manage threat intelligence?

CIOs and CISOs in Seattle gathered recently to discuss how to protect their organizations from vulnerabilities, build a threat-hunting roadmap, and provide visibility about threats internally. Anthony Lauro, Director of Security Technology and Strategy at Akamai Technologies, moderated the discussion with Seattle Governing Body members Bridget Barnes, SVP and CIO at OHSU, Viggo Forde, CIO and Director of IT at Snohomish County, and Ira Ham, CISO at MediaAlpha, serving as discussion leaders.

Tony Lauro kicked off the conversation by noting that attackers only have to get it right once to achieve a breach. Even with access to the latest tools, there are also many different ways to think about how attackers could get in and numerous possible vulnerabilities across organizations. 

What can CIOs and CISOs do to look across their organizations in a continuous manner to help identify threats? One possibility is to build a threat-hunting team, and Tony shared some tips about that process. Another component of an intelligence program could be to leverage AI and ML – but as Tony pointed out, you have to hire the right people to get the most value out of that. 

The CIOs and CISOs then joined small breakout groups to discuss how to provide internal visibility to threats, how to protect their enterprises from vulnerabilities introduced by the cloud, and how to build a threat-hunting road map.
 

Key Takeaways from the Discussion

• There are challenges to providing a helpful internal view of threats. The executives in attendance shared some of the challenges to providing internal visibility to threats, including making it relevant for various stakeholders, sharing threat intelligence among teams, and ensuring the data is consistent with the viewpoint they care about. As one CIO said, “The right people need access to the right data.”
• Executives recognize the need for tools across different environments. As one executive noted, an overarching theme for their group was – what kind of tools are needed to make sure your security posture can be applied consistently across different environments? Another CIO agreed that having a variety of systems makes it difficult to do threat hunting across all of their environments. Another challenge can be an organization’s aging infrastructure. 
• The right skills are essential to a threat hunting program. As some organizations build out threat intelligence or incident response teams, they might be challenged as to whether or not they have the right people in the right spot with the right training. Some in the group use MSSPs, but noted that they still need internal staff to bridge the gap in industry-specific knowledge with service providers. One executive said, “It’s a challenge to get talent in the door for that.” Executives also discussed the growing threats to third party service providers, which adds risks to their organizations. 
• The quality of your information for threat intelligence is key. One CIO noted that the quality of your program is dependent on the information, calling it “garbage in, garbage out.” If you don’t get good information, you will not get good results, either. One executive said that if you’re working with a third party, it’s important to “make clear what you’re hunting” and have defined deliverables.
   

Overall, CIOs and CISOs in attendance agreed they were challenged with the vast amounts of data collected, and they emphasized the importance of their people – both in terms of skills and knowledge. One also noted that it’s not only the employees on their teams that need knowledge, but everyone in the workforce has to be aware on some level of how they can do their part to protect the organization against vulnerabilities. Another executive agreed that “the biggest opportunity is to educate your workforce.”

To continue the conversation with your peers on top priorities for CIOs and CISOs, find your local Evanta Community and connect with C-level executives from the world's leading organizations. Or, see when your local CIO and CISO community is gathering next here.