Lifecycle Insights believes a rising tide lifts all ships. Our friends at Huntress does this not just with their services but with their education around best practices in cybersecurity. We invited them to help educate our audience with some tips around offense and defense in cybersecurity. Here’s the scoop:
A few months ago, Lifecycle Insights blogged about helping managed service providers (MSPs) develop both offensive and defensive stances to protect their environments.
Offensive and defensive security practices are something we’ve blogged about before at Huntress, so this post piqued my interest. The consensus is certainly that offensive and defensive practices are important to a strong security posture—but what do those look like?
Read on to learn our top five tips for how to develop both offensive and defensive mindsets when it comes to your cybersecurity practices.
- (Offense) Always assume you’ve been compromised.
One of the ways that cybersecurity pros stay on the offense is by assuming they’ve already been compromised.
To assume compromise is to stay on alert and actively hunt for threats. This mindset is a shift from being prepared for when the worst happens. It’s assuming the worst has already happened—and it’s time to go hunting for that threat.
This isn’t meant to be a Chicken Little, the sky is falling parallel. Truthfully, it’s a necessary mindset if we in cybersecurity hope to stand a chance against today’s savvy threat actors. It’s assuming we’ve got an active threat to combat so we’re as prepared as possible once that threat does make its way in. And by always actively hunting for threats through offensive security, we’ll be able to remediate them faster and minimize damage.
- (Defense) Make sure you’ve implemented the basics in your stack.
You know what attackers love more than anything? Low-hanging fruit.
Low-hanging fruit in the cybersecurity realm can be many things, but some of the lowest hanging fruit includes foregoing basic cybersecurity practices. For example, does your organization require multi-factor authentication (MFA)? Do you adhere to the principle of least privilege? Do you patch as soon as you’re able?
Simple gestures like this can go a long way in keeping attackers at bay. If you prove to be a challenge and hackers are out to make a quick buck, they’ll likely move on to their next potential victim.
- (Offense) Actively hunt for threat actors in your environment.
So, you’ve decided to go on offense by assuming compromise. What now?
That’s where threat hunting comes into play.
My colleague John Hammond crafted a great definition of threat hunting:
Threat hunting is the practice of searching for cyber threats that are lurking in the shadows. It’s grown to become an essential component of any cybersecurity strategy. Threat hunting focuses on finding indicators to help you hunt—then you need to validate your indicators are working, rinse and repeat.
Part of this means having the right tools to help you constantly be on the lookout for any threats. The problem with leaving this type of activity to automated tools is that automated tools are notorious for flagging non-malicious activity as threats (aka, false positives). That creates a lot of noise.
And that’s why humans play a critical role in threat hunting.
Humans can partner with these automated tools to ensure that flagged threats are actually just that—and then triage them. Plus, humans have the contextual awareness that automated tools simply aren’t smart enough to have. But together, humans and automation make a powerful duo that puts you well on your way to a formidable cyber offense.
- (Defense) Have an incident response plan in place.
Part of having a strong defense in any sport is knowing what to do when you’re attacked. The cybersecurity equivalent is an incident response (IR) plan.
An incident response plan is a detailed, actionable document that lists the steps you and your team will take once an attack happens. This plan is developed when your business is running as usual (because who can think clearly during a crisis?). It’s tested regularly to ensure it still holds up in your environment as time goes on. Then, when the worst does happen, you’re prepared and ready to get to work to get back to normal.
There’s no shortage of advice out there on developing your own incident response plan—but be sure to check out Huntress’ Tabletop-in-a-Box whenever you’re ready to put your plan to the test.
- (Offense and Defense) Never stop learning.
Threat actors never stop learning. They’re constantly evolving their tradecraft and getting better at what they do.
It’s important that we in cybersecurity do the same.
We should constantly be looking for ways to level up our cybersecurity knowledge and outsmart our adversaries. We have to remain agile and flexible when it comes to our processes. If we discover better, more efficient ways to do our jobs, we have to be willing to make changes and get better.
Threat actors are agile lifelong learners—and we have to be, too.
Happy (threat) hunting!
Hackers are constantly evolving, exploiting new vulnerabilities and dwelling in IT environments—until they meet Huntress.
Huntress protects small and mid-market businesses from modern cyberattackers. Founded by former NSA Cyber Operators—and backed by a team of 24/7 threat hunters—our managed security platform defends businesses from persistent footholds, ransomware and other attacks.
We’re on a mission to secure the 99%. Learn more at www.huntress.com and follow us on social @HuntressLabs.