James O'Brien Shares Some Insight on the Contributions of Our Nation's Ports
By James O’Brien, CISSP, CGCIO
Director – Information Security Officer, Port of Houston
With so many options related to the testing and development of your cybersecurity posture, it can be difficult to determine the best choice. For example, when deciding between a threat hunt and a pen test, which method will provide the most valuable results? Here, we’ll highlight the advantages of each option and why they are both critical to protecting your organization.
Penetration testing (pen testing) is the attempt to “kick the tires and check for open doors” in order to discover possible vulnerabilities. Pen testing looks at people, processes, and technology to find the weaknesses an adversary could exploit to attack an organization. A pen test will highlight the areas where adversaries will attempt to breach your systems. Detecting the gaps and taking action to mitigate the risks are the key takeaways from this exercise.
Threat hunting typically involves looking for undiscovered bad actors that have made it through your controls and are currently in your environment. A threat hunt starts from the assumption that adversaries are already within the network and infrastructure. The hunt looks for specific indicators of compromise as well as the patterns of behavior the adversary leaves behind.
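The two things a hunt looks for, known indicators and behavioral patterns, can be shown as a single pass over log data. The script below is an added example and is not code from the article or from the Port of Houston: every IoC value (the IP address and the hash) is a constructed placeholder, the log lines are constructed, and the two living-off-the-land command-line patterns are illustrative, assumed from public advisories rather than taken from any vetted rule set. The hunt reports where each match occurred so an analyst knows where to pivot first, and returns nothing at all on clean data, which is the outcome the article describes.

```python
"""Minimal threat-hunt pass over constructed log records (added example)."""
import re
from dataclasses import dataclass

# Constructed IoC list. Placeholders only: a real hunt loads a vetted feed.
IOC_IPS = {"203.0.113.7"}          # TEST-NET-3 documentation range, not a real indicator
IOC_SHA256 = {"0" * 64}            # placeholder hash

# Behavioral patterns: living-off-the-land command lines a hunt flags for review.
# Illustrative regexes assumed from public advisories, not a vetted rule set.
BEHAVIOR_PATTERNS = {
    "portproxy_config": re.compile(r"netsh\s+interface\s+portproxy\s+add", re.I),
    "ad_database_dump": re.compile(r"ntdsutil\b.*\bifm\b", re.I),
}

# key=value records; quoted values may contain spaces and '=' signs.
LOG_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_record(line):
    """Parse one constructed key=value log line into a dict."""
    rec = {}
    for m in LOG_RE.finditer(line):
        rec[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(2)
    return rec


@dataclass
class Finding:
    host: str
    kind: str      # "ioc" (known indicator) or "behavior" (pattern match)
    detail: str


def hunt(lines):
    """Return every IoC hit and behavioral match found in the given log lines."""
    findings = []
    for line in lines:
        rec = parse_record(line)
        host = rec.get("host", "?")
        # Known indicators: exact matches against the IoC sets.
        if rec.get("src_ip") in IOC_IPS:
            findings.append(Finding(host, "ioc", f"src_ip {rec['src_ip']}"))
        if rec.get("sha256", "").lower() in IOC_SHA256:
            findings.append(Finding(host, "ioc", f"sha256 {rec['sha256']}"))
        # Behavior: command lines that look like the patterns above.
        cmd = rec.get("cmdline", "")
        for name, pattern in BEHAVIOR_PATTERNS.items():
            if pattern.search(cmd):
                findings.append(Finding(host, "behavior", name))
    return findings


def summarize(findings):
    """Group findings by host so the hunter sees which machines to pivot to first."""
    by_host = {}
    for f in findings:
        by_host.setdefault(f.host, []).append(f"{f.kind}:{f.detail}")
    return by_host


# Constructed sample telemetry: two benign lines, two that a hunt should surface.
SAMPLE_LOGS = [
    'ts=2024-05-01T08:00:01Z host=ws-014 user=jdoe src_ip=192.0.2.10 '
    'proc=outlook.exe cmdline="outlook.exe" sha256=ab12',
    'ts=2024-05-01T08:14:22Z host=srv-fs01 user=svc_backup src_ip=192.0.2.55 '
    'proc=cmd.exe cmdline="netsh interface portproxy add v4tov4 listenport=9999 connectaddress=10.0.0.5"',
    'ts=2024-05-01T09:02:10Z host=dc01 user=admin src_ip=203.0.113.7 '
    'proc=ntdsutil.exe cmdline="ntdsutil ac i ntds ifm create full C:\\temp\\x q q"',
    'ts=2024-05-01T09:30:00Z host=ws-022 user=asmith src_ip=192.0.2.31 '
    'proc=chrome.exe cmdline="chrome.exe --profile-directory=Default"',
]

if __name__ == "__main__":
    results = hunt(SAMPLE_LOGS)
    if not results:
        print("No indicators or behavior breadcrumbs found.")
    for host, items in summarize(results).items():
        print(host, "->", ", ".join(items))
```

Run as-is it reports one behavioral hit on srv-fs01 and an IoC hit plus a behavioral hit on dc01; feeding it only the benign lines yields an empty result, which is the "clean" hunt outcome that still needs to be recorded alongside the scope and data sources that were covered.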
We recently conducted a threat hunt in our environment, and the focus was on Volt Typhoon. No indicators or behavior breadcrumbs were discovered during the exercise. There were other notable suggestions made to further improve the cybersecurity posture. The suggestions provided were items we already have in motion to implement with recent grant funding sources, such as a web application firewall, MFA, and vulnerability management.
No matter which exercise you choose to conduct, doing something is better than doing nothing. You will never know your weaknesses if you do not test. Before making a selection, it is best practice to research the options that best fit the needs of your organization, establish a scope of work, and define the rules of engagement. The results will help you discover your organization's cybersecurity maturity level and the cybersecurity gaps to mitigate.
For Reference:
https://www.sans.org/media/analyst-program/building-maturing-threat-hunting-program-39025.pdf
https://www.crowdstrike.com/cybersecurity-101/threat-hunting/
https://www.crowdstrike.com/cybersecurity-101/secops/vulnerability-assessment/