Cyber Magazine May 2022 | Page 126

BOOKING.COM

“The sophistication of the attackers requires better contextualisation and constant examination of the adversary point of view by the defence teams”

ARIEL LEMELSON, HEAD OF CYBER DETECTION & RESPONSE, BOOKING.COM
“Proactive defence methodology assumes that the attackers are somewhere on their way from an initial access point towards the company data. In order to detect those potential attackers, defence teams deploy numerous types of cyber-traps called ‘detections’, and also actively hunt the attackers on their way,” Ariel outlines.
For the uninitiated, these descriptions give a real sense of cyber warfare. To succeed at it, it is important to keep telemetry stored in an easily accessible form over longer periods, and to have tooling that helps security teams hunt efficiently through all that information.
“In today’s landscape, it is key to have more data rather than less, making less painful tradeoffs between which log source to save and for how long. With partial telemetry, the ability to efficiently hunt sophisticated attackers becomes limited.”
Pitfalls in cyber threat detection and response
“Some of the pitfalls cyber security defence teams encounter result from doing cyber defence in a silo, without being fully aware of both the full attack surface and the most important business assets. This may lead to a security ‘comfort zone’, where there may be over-investment in