Browse Tag: Cybersecurity

Threat Hunting: When You Can’t Sit Back and Wait

 

Threat Hunting

Do you ever sit at your desk and wonder when the next attack on your network will occur? Maybe you have an automated system that sends you alerts, but you get so many false positives, you feel like you’re starting to drown in the irrelevant data. Meanwhile, threat actors are continuously improving their techniques and approaches.

While threat detection tools and incident response are both critical, sometimes security professionals need to take a more proactive approach. Threat hunting is essentially threat detection that is driven by a human analyst. This is somewhat different than it being driven by an automated system, no matter how powerful the system is.

“Security Operations Centers (SOCs) today are faced with an onslaught of false positive alerts and actual attacks often lay undetected for months before being discovered. Threat hunting is a critical new function for any modern SOC to proactively look in the blind spots of current tools and sensors and surface hidden, advanced threats,” says Ely Kahn, co-founder of Sqrrl and former Director of Cybersecurity at the White House.

Tools Are An Important Part Of The Strategy

Traditional systems for finding threats are typically based upon signatures, which means they can only detect things that are known. Newer systems actually monitor behavior and do a better job of identifying unknown attacks on your endpoints. Monitoring behaviors allows you to identify when an endpoint has been compromised. Machine learning can be used to identify traffic patterns of a hacked device as it reports back to a command-and-control system.

Threat Hunting

You can’t rely on monitoring and the alerts alone to know that your network is safe. Threat hunting helps you identify attackers that have been operating unseen within your network. At the same time, threat hunting can be used to augment your automated threat detection and improve the quality of detections by reducing false positives.

Without having someone actively hunting for threats on your network, you must wait for automated systems to alert you when an attack occurs. However, what happens when an attacker finds a way around your automated system and through gaps in your security?

Instead of sitting around waiting, threat hunters are constantly looking for new ways to identify attackers. A threat hunter can work to not only identify these threats, but to automate known threat detection in the future. This will help reduce the number of items that threat hunters will need to monitor going forward.

“While machine learning is incredibly powerful it’s not something that solves the attack detection problem. It’s something which narrows your focus and attracts the attention of a human analyst to take a look,” says Ian Barker with betanews.

When You Can't Sit Back and Wait

Tips To Improve Your Threat Hunting

Make the most of your data: Automated systems can collect a plethora of data within a short period of time. Embracing data analytics can help you create datasets that will make your hunting more productive. Since some attacks involve weeks or even months of data, you will need a system like Apache Hadoop that can be used to collect and analyze the data.

Machine learning: With machine learning, you have the ability to increase your hunting potential and help you find the anomalies within your dataset.

Have a strategy in place (before you get hacked): An underlying theme in most of the sessions at April’s InfoSec World was to have a strategy in place before you get hacked. The last thing you want to do is to stand in front of the Board of Directors and tell them that the company has suffered a data breach. Create a strategy before this occurs. Use a framework like kill chain mapping to give you a way of making sure that each hunting expedition is efficient.

Let The Hunt Begin

Security researchers need to continue to challenge themselves in their organization to proactively hunt threats instead of waiting to react after a breach has occurred. Using a blended approach with threat hunting delivers better results than just depending on a single method or tool.

 

New Call-to-action

 

Cybersecurity audience man with colors

GREAT CONTENT JUST ISN’T ENOUGH: HOW DESIGN PLAYS A CRITICAL ROLE IN INCREASING READERSHIP FOR A CYBERSECURITY AUDIENCE

cybersecurity audience man with colors

 

In the marketing world, “done is better than good” is a phrase that comes up quite a bit. The idea is that marketing itself is a quantity-based industry, not necessarily a quality-based industry, and that the time it takes to perfect a marketing strategy is time that could be better spent churning out new content and new strategies.

Yet in the rush to get content published within deadlines, cybersecurity marketers often miss out on some of the smaller, simpler changes that on the surface may seem irrelevant, but in practice can make the difference between creating content that people love to read, and content that gets completelyignored.

Continue Reading

A guy in front of the pc

Lead Generation Tips for CyberSecurity Companies

 

Lead Generation Tips for CyberSecurity Companies

 

While most companies today already use some form of online lead generation, how they do so is frequently evolving. If cybersecurity businesses want to keep up with the times, it becomes important to periodically evaluate the current lead generation strategy and see if there are better opportunities out there.

For example, in the past, many companies used specific landing pages – often connected to ad accounts – that are hidden from the sitemap and used primarily to address specific leads. But many businesses are finding that this strategy is no longer necessary, and that on-page lead captures may be more successful.

How each company generates leads is going to be dependent on the type of business they run, what their current marketing strategies are, what products and services are available, and who their ideal customer is. However, there are several tips and strategies that should be considered as a cybersecurity company.

Optimizing On-Page Tactics

It starts with on-page lead generation. These are the efforts that companies use to attract leads on the page/website that the visitor is currently viewing. Rather than using a specific landing page, the business captures the lead from whatever site page the visitor has hit.

Most news websites, eCommerce sites, and consumer blogs tend to use some type of on-page lead capture. As a cybersecurity company you are no exception. Some recommended software that allows for this type of lead generation includes SumoMe (welcome mat, list builder, scroll box, triggered pop ups), Optinmonster (exit intent, full screen welcome gate, sidebar forms), OptiMonk (exit intent, inactivity pop up, scroll, dynamic text), Optin Forms (embedded in-page forms) and Wistia (video integration).

Adapting your website for on-page lead capture is a great first step. But placing a sign-in sheet and asking for a visitor’s email simply won’t cut it, as many will be hesitant to give it to you for various reasons. The good news is that there are a number of effective methods that you can use to earn their trust:

hands-holding-letters-tips-500pxGive them a reason why – Why, with all the free content that’s available, should they give you their email address? What do you offer that justifies giving you something that nowadays is seen as incredibly personal? Think long and hard about your pitch, and do your best to provide potential clients with true value.

Trigger emotions – While simplicity is a must, creativity is still highly valued. Triggering emotions with words or images can be a powerful way to get people excited about the idea of hearing more from you in the near future.

Keep it simple – Assume you have only a few seconds to give them a reason to sign up, because their mouse is already inching closer to clicking the X on your message. The more they have to read, the less likely they’re going to accept the lead request and give you their information.

Add visuals – Impressive visuals capture attention in ways that words often cannot, and in today’s increasingly visual world, adding some complementary images can assist you in your quest to trigger emotions.

A/B test everything – Finally, don’t be afraid to doubt yourself. Take risks, try different things, and test all of your weapons to see which one is getting you the best reaction. Something as simple as font size can have a very different impact on your results, but you won’t know unless you put it out there in front of a bunch of eyes.

Above all else, recognize your audience. You’ll generate far more leads when you know what the needs of your visitors are than you will if you’re in the dark.

Taking Advantage of Social Media

Another great tool for finding leads as a cybersecurity company is via social media (yes really!), as it allows you to display even more of your personality. Of course, it takes time and effort to plan your next moves and figure out ways to develop a consistent voice and brand, but in the end this helps you differentiate yourself, and builds trust with potential leads.

Products such as Socedo can be quite effective here, as it allows you to first connect with your prospects on Twitter, then automatically filters them into your database with their email addresses so you can nurture them further. This is a new found tactic of combining outbound strategies with inbound strategies (without buying a list!) as you have essentially warmed up a cold lead using a very natural action of today – connecting on Social Media.

However, when it comes to effective strategies to improve social media lead generation, you may want to consider the following:

Ask powerful questions – Any time you can get someone thinking, you’re creating a space in their mind for your business. Asking the right questions encourages people to participate in a conversation that involves you as well as other followers.

It’s social media…so try to be social – People are more likely to be interested in following you when they know you’re managed by real human beings who aren’t afraid to engage in some back and forth, no matter how sensitive the topic. That means interacting with the people that like and comment, answering questions, and showing you’re actually listening.

Send them to your site – Social media can adapt very well with your on-page lead capture campaign. Create content your followers want to see more of, and then develop an on-page strategy that takes them further down the funnel.

Social media, when used correctly, is a tool that can give your cybersecurity business a whole lot of character, and that can be an extremely powerful tool for finding and capturing potential leads.

Additional Lead Generation Tactics

A number of additional (and useful) strategies include posting interactive contact such as surveys and games, and of course videos, infographics, and other forms of digital content which can be powerful additions to the written content, keeping people on-page longer and giving them more reason to believe you can assist them with their needs.

In the end, cybersecurity businesses that make a point of listening to their customers and reinventing themselves by implementing new and engaging messages and strategies are going to be the ones that stay relevant and attract those precious leads.

 

Want to get more information and updates on Cyber-security? Join our LinkedIn group >>

New Call-to-action

cyber security statistics

Top Cybersecurity Statistics for 2016

One of the best tactics to take advantage of when marketing any subject, especially cybersecurity, is research and the use of statistics. Cybersecurity statistics in the form of facts, surveys, majority or minority opinions and overall feelings about an industry strengthen the points and insight you’re trying to underline in your marketing efforts.

Continue Reading

Mobile Internet Safety Concept with Men Showing Tabled Computer with Padlock Security Illustration. Mobile Internet Using and User Protection.

Cybersecurity Marketing: Specs or Value?

When marketing to prospective customers of a cybersecurity solution, there are often two distinct audiences: those who know the technical aspects of cybersecurity and those who don’t. It is common to sell to both groups, so to find the right marketing strategy you must take into consideration the way both groups intake information and understand what they find important. Continue Reading

Cyber Elevator Pitch

Crafting Your Cybersecurity Elevator Pitch

Good marketing for cybersecurity products and services is a fine balancing act. Security companies need to show prospective customers why security solutions are essential to the longevity of their business ventures. This needs to be done without coming off as pushy or telling tall tales. And often, it must be accomplished at a face-to-face touch point, within seconds or minutes.

Hence, the need for a thoughtfully crafted elevator pitch. Continue Reading