Move Beyond Vulnerability Detection And Mitigation To Actively Hunt Threats
- Baselining networks and identifying vulnerabilities are important tasks, but organizations need to move toward more aggressive threat identification as soon as possible.
- Organizations must use technology to automate as many tasks as possible, but they also need skilled analysts who understand why an issue is taking place.
“It’s not enough to see that some unusual event is occurring in the network. You also need to understand why that event is occurring.”
The focus of Phase 1 of the U.S. Department of Homeland Security’s CDM program is on baselining networks and identifying vulnerabilities. This is important work, says Ismael Valenzuela, senior director and principal engineer at Foundstone Consulting, a practice within McAfee Professional Services. But he also sees a need to move toward more aggressive threat identification as soon as possible. “In its early phase, CDM is focused on discovering, prioritizing and fixing vulnerabilities. That’s great: It’s basic security hygiene,” says Valenzuela. “But it’s not enough to see that some unusual event is occurring in the network. You also need to understand why that event is occurring.”