Tips on Taking a 'Threat Hunting' Approach
HCL's Anuj Tewari Offers Insights on Key Steps Taken to Manage Risk

Organizations need to adopt a "threat hunting" approach to managing risk, striving for early detection of anomalies, says Anuj Tewari, CISO at HCL Technologies, an India-based multinational IT service company.
"As human beings we get preventive medical checkups done to detect diseases, if any, beforehand. Likewise, if we are to keep our infrastructure well, we should turn to threat hunting," Tewari says in an interview with Information Security Media Group.
Threat hunting involves three steps, he explains:
- Scanning the environment;
- Conducting continuous recording, including analyzing logs and tying them to intelligence;
- Reviewing intelligence reports for relevance.
"Threat hunting is essential to know the security health of an organization proactively and in a smart way," Tewari says. "Therefore, forensic capability should be well-established, which means that it's not the time to realize that certain things should have been logged after a damage has happened."
In this interview, Tewari talks about:
- Aligning threat hunting with incident response;
- Mapping critical assets and indicators of compromise;
- Enhancing capabilities to proactively detect threats.
Prior to joining HCL, Tewari was head of cybersecurity practice for Asia, Middle East and Africa at CSC. Before that, he worked at IBM, GE, Convergys and other companies in various capacities.