Uploaded on Aug 10, 2022
Seceon is an advanced Network Detection & Response platform that provides scale, scope & consistency. Deployed in the cloud or on-premises, it detects and protects against cyber-attacks. Call Us: +1 (978)-923-0040
Threat Detection and Response
As organizations host their critical data on virtual servers and rely more heavily on networking, automation, and the internet, the risk of cyberattack has increased manifold. As in any other conflict, intelligence is critical to warding off an attack. In the IT context, threat intelligence and detection are the knowledge that allows businesses and government organizations to prepare for and prevent such attacks.
Threat intelligence is backed by data that lets defenders know in advance who the attackers are, what motivates them, and how capable they are. It also indicates which areas of a system are weak or vulnerable and therefore likely targets. With this information as an intelligence input, security teams can make informed decisions about where to strengthen their defenses.
Seceon addresses threat detection through User and Entity Behavior Analytics (UEBA) built on machine learning algorithms that identify the tactics and techniques used by the perpetrators.
Threat Detection
Threat detection is the activity, carried out across the IT ecosystem, of scanning and analyzing the entire network to identify any malicious activity that could compromise it. When a threat is detected, the goal is to mitigate and neutralize it before it can exploit the vulnerabilities present in the system.
Getting breached is a nightmare for any organization, and almost all organizations now prioritize their cyber security controls. They put smart technology and skilled people to work on the information received, building a defensive barrier in anticipation of anyone trying to cause trouble. Cyber security is an ongoing process that demands continuous vigilance; no control is a guarantee against attack.
Threat detection is multifaceted when viewed against the specific security programs of different organizations. The worst case must always be planned for: however good an organization's security program, something will eventually slip past the preventive technology and become a threat to the system.
Threat Detection and Response
Speed is of the essence in threat detection and mitigation. A security program must detect threats quickly and efficiently so that attackers do not get enough time to zero in on sensitive data. A defensive program is built to prevent most threats based on past experience and analysis: the attack pattern is known, and so is how to fight it. These are "known threats." Beyond them are threats of the "unknown" variety, which organizations must also detect and battle. These have not been encountered before, because attackers may be using new techniques and technologies to circumvent the existing barricades.
Even known threats can sometimes slip through defensive measures. This is why organizations should look out for both known and unknown varieties in their IT environment.
So how can an organization ensure that it detects both known and unknown threats before any damage is caused? There are several ways to boost one's defense arsenal.
• Leverage threat intelligence
Threat intelligence captures what is known about past attacks (indicators such as attacker IP addresses, domains, and file hashes, along with the tactics used) and compares it with enterprise data to identify threats. This is effective for detecting known threats but may provide little for unknown ones. Threat intelligence is consumed by antivirus, intrusion detection systems (IDS), Security Information and Event Management (SIEM) systems, and web proxies.
• Set traps for attackers
Attackers find some targets too tempting to leave alone. Many security teams know this and set up bait in the hope that the attacker takes it. An intruder trap could be a honeypot service inside the in-house network, or honey credentials: decoy accounts that appear to carry full user privileges but have no legitimate use. Any attempt to use them triggers an alarm in the security monitoring system. The security team is alerted to potentially suspicious activity in the network and nudged to investigate, even if no damage has yet been done.
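To make the two approaches above concrete, here is an added example in Python (not Seceon's code, and not from the original page) that runs a few constructed log lines through both checks: matching event fields against a small hypothetical threat-intelligence feed of known indicators, and alerting on any use of decoy honey-credential accounts. The feed values, the account names `svc_backup_admin` and `finance-share-ro`, and the key=value log format are all invented for the example.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Iterable

# Hypothetical threat-intelligence feed of known indicators (constructed for
# this example; the hash is a placeholder, not a real malware sample).
IOC_FEED = {
    "ip": {"203.0.113.45", "198.51.100.7"},
    "domain": {"update-check.example.net"},
    "sha256": {"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"},
}

# Decoy accounts (honey credentials) that nobody has a legitimate reason to use.
HONEY_CREDENTIALS = {"svc_backup_admin", "finance-share-ro"}

# Constructed sample telemetry in a simple key=value format.
SAMPLE_LOGS = """\
ts=2022-08-10T09:02:11Z type=auth user=jsmith src=10.0.4.21 result=success
ts=2022-08-10T09:05:40Z type=proxy user=jsmith dst=cdn.example.org dst_ip=192.0.2.10
ts=2022-08-10T11:17:03Z type=proxy user=rlee dst=update-check.example.net dst_ip=203.0.113.45
ts=2022-08-10T13:44:58Z type=auth user=svc_backup_admin src=10.0.9.77 result=failure
ts=2022-08-10T13:45:02Z type=auth user=svc_backup_admin src=10.0.9.77 result=success
ts=2022-08-10T14:01:30Z type=file user=rlee sha256=9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
"""

# Which event fields are checked against which indicator type.
IOC_FIELDS = (("src", "ip"), ("dst_ip", "ip"), ("dst", "domain"), ("sha256", "sha256"))

KV_RE = re.compile(r"(\w+)=(\S+)")


@dataclass(frozen=True)
class Alert:
    ts: str
    rule: str
    detail: str


def parse_line(line: str) -> dict[str, str]:
    """Turn one key=value log line into a dict."""
    return dict(KV_RE.findall(line))


def match_iocs(event: dict[str, str]) -> list[Alert]:
    """Known-threat check: any field equal to a feed indicator raises an alert."""
    alerts = []
    for field, kind in IOC_FIELDS:
        value = event.get(field)
        if value and value in IOC_FEED[kind]:
            alerts.append(Alert(event["ts"], "known_ioc", f"{field}={value} ({kind})"))
    return alerts


def match_honey_credentials(event: dict[str, str]) -> list[Alert]:
    """Trap check: a decoy account has no legitimate use, so even a failed
    login with it is worth an alert."""
    if event.get("type") == "auth" and event.get("user") in HONEY_CREDENTIALS:
        detail = f"user={event['user']} src={event.get('src')} result={event.get('result')}"
        return [Alert(event["ts"], "honey_credential", detail)]
    return []


def detect(lines: Iterable[str]) -> list[Alert]:
    """Run every non-empty line through both checks and collect the alerts."""
    alerts: list[Alert] = []
    for line in lines:
        if not line.strip():
            continue
        event = parse_line(line)
        alerts.extend(match_iocs(event))
        alerts.extend(match_honey_credentials(event))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOGS.splitlines()):
        print(alert.ts, alert.rule, alert.detail)
```

On the sample above the IOC check fires three times (a proxy request whose destination domain and IP are both on the feed, and a file whose hash is listed) and the trap check fires twice, once for the failed and once for the successful login with the decoy account. The first user's ordinary login and browsing produce nothing, which is the point of both techniques: they are cheap, precise, and silent on benign traffic, but they only catch what is already known or what touches the bait.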
• Behavior analytics of users and attackers
Using user behavior analytics tools, an organization can learn the expected behavior of its employees: for example, what kind of data they typically access, when they usually log in to the system, and from which location. A sudden change in that pattern, such as a login to the organization's systems at 2 am from another location, arouses suspicion when the employee concerned usually works from 9 am to 5 pm and never travels. Such unusual behavior calls for immediate investigation by the security team.
Attacker behavior analytics is more challenging, because there is no baseline of the attacker's own activity to compare against. Instead, one has to look for seemingly unrelated activities on the network, the breadcrumbs an attacker leaves behind. Here the human analyst and the technology work together to assemble these pieces of crucial information into a clear picture of what the attacker could be doing on the organization's network.
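The 2 am login scenario above is a baseline-and-deviation problem. The following added example in Python (not Seceon's code, and not from the original page) builds a per-user profile of observed login hours and locations from constructed history and scores new logins against it. The user `asharma`, the location tags, and the scoring thresholds are all hypothetical choices made for the example.

```python
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime


@dataclass(frozen=True)
class Login:
    user: str
    ts: datetime
    location: str  # office or geo tag, e.g. derived from the source IP (constructed here)


@dataclass
class Baseline:
    hours: set[int] = field(default_factory=set)
    locations: set[str] = field(default_factory=set)
    count: int = 0


# Below this many historical logins the profile is too thin to alert on.
MIN_HISTORY = 10

# Constructed history: one user who logs in between 09:00 and 17:00 from the
# office on twenty working days. (Hypothetical user name and location tag.)
HISTORY = [
    Login("asharma", datetime(2022, 7, day, 9 + (day % 9), 15), "Westford-office")
    for day in range(1, 21)
]


def build_baselines(history: list[Login]) -> dict[str, Baseline]:
    """Profile each user's observed login hours and locations."""
    baselines: dict[str, Baseline] = defaultdict(Baseline)
    for ev in history:
        b = baselines[ev.user]
        b.hours.add(ev.ts.hour)
        b.locations.add(ev.location)
        b.count += 1
    return dict(baselines)


def score_login(ev: Login, baselines: dict[str, Baseline]) -> tuple[int, list[str]]:
    """Return (risk score 0-100, reasons) for a new login against the profile."""
    b = baselines.get(ev.user)
    if b is None or b.count < MIN_HISTORY:
        # A brand-new user has no profile to deviate from; surface that instead
        # of guessing, so the analyst knows why nothing fired.
        return 0, ["insufficient_history"]
    reasons: list[str] = []
    # Tolerate one hour either side of any hour previously seen.
    if not any(abs(ev.ts.hour - h) <= 1 for h in b.hours):
        reasons.append("unusual_hour")
    if ev.location not in b.locations:
        reasons.append("new_location")
    # Two deviations at once (the 2 am login from a new place) is the strong signal.
    score = {0: 0, 1: 50, 2: 90}[len(reasons)]
    return score, reasons


if __name__ == "__main__":
    baselines = build_baselines(HISTORY)
    candidates = [
        Login("asharma", datetime(2022, 8, 10, 2, 13), "Remote-ZZ"),
        Login("asharma", datetime(2022, 8, 10, 10, 0), "Westford-office"),
        Login("newhire", datetime(2022, 8, 10, 10, 0), "Westford-office"),
    ]
    for c in candidates:
        print(c.user, c.ts.isoformat(), c.location, score_login(c, baselines))
```

The 2 am login from a new location scores 90 with both reasons attached, a normal office login scores 0, and a user with no history is reported as such rather than silently passed. A production profile would also key on day of week and the user's local time zone, handle the wrap-around between 23:00 and 00:00, and age out old observations; the structure, though, is the same: learn the normal, score the deviation, and hand the reasons to the analyst.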
• Carry out threat hunts
Instead of waiting for alerts, the security team takes a proactive approach: it searches its own network, endpoint, and log data for signs of attackers who may already be lurking inside without having tripped any detection. This is an advanced technique practiced by experienced security analysts. Combining all of the above approaches is an excellent proactive way to monitor data, assets, and employees.
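One common hunting technique is "stacking": counting how many hosts exhibit each behaviour so that fleet-wide normal sinks to the bottom and one-off activity floats to the top for a human to look at. The following added example in Python (not Seceon's code, and not from the original page) stacks parent-to-child process relationships across a constructed fleet of six workstations. The host names and process events are invented for the example.

```python
from __future__ import annotations

from collections import defaultdict

# Constructed endpoint telemetry as (host, parent process, child process).
# Hypothetical hosts and events; not real data.
PROCESS_EVENTS = [
    ("ws-01", "explorer.exe", "outlook.exe"),
    ("ws-02", "explorer.exe", "outlook.exe"),
    ("ws-03", "explorer.exe", "outlook.exe"),
    ("ws-04", "explorer.exe", "outlook.exe"),
    ("ws-05", "explorer.exe", "outlook.exe"),
    ("ws-06", "explorer.exe", "outlook.exe"),
    ("ws-01", "services.exe", "svchost.exe"),
    ("ws-02", "services.exe", "svchost.exe"),
    ("ws-03", "services.exe", "svchost.exe"),
    ("ws-04", "services.exe", "svchost.exe"),
    ("ws-05", "services.exe", "svchost.exe"),
    ("ws-06", "services.exe", "svchost.exe"),
    ("ws-01", "explorer.exe", "teams.exe"),
    ("ws-02", "explorer.exe", "teams.exe"),
    ("ws-04", "winword.exe", "powershell.exe"),
    ("ws-04", "powershell.exe", "certutil.exe"),
]


def host_count(events) -> int:
    """Number of distinct hosts reporting telemetry."""
    return len({host for host, _, _ in events})


def stack_parent_child(events) -> dict[tuple[str, str], set[str]]:
    """Stack the data: for each parent->child pair, the set of hosts that show it."""
    hosts_by_pair: dict[tuple[str, str], set[str]] = defaultdict(set)
    for host, parent, child in events:
        hosts_by_pair[(parent, child)].add(host)
    return hosts_by_pair


def rare_pairs(events, max_fraction: float = 0.2) -> list[tuple[tuple[str, str], list[str]]]:
    """Return parent->child pairs present on at most max_fraction of hosts,
    rarest first. These are the hunt's starting points, not verdicts."""
    total = host_count(events)
    rare = [
        (pair, sorted(hosts))
        for pair, hosts in stack_parent_child(events).items()
        if len(hosts) / total <= max_fraction
    ]
    rare.sort(key=lambda item: (len(item[1]), item[0]))
    return rare


if __name__ == "__main__":
    for (parent, child), hosts in rare_pairs(PROCESS_EVENTS):
        print(f"{parent} -> {child} seen only on {', '.join(hosts)}")
```

On this data the two pairs unique to `ws-04` (a word processor spawning a shell, and that shell spawning a download-capable utility) are the only survivors of the 20% cut, while the mail client and service-host pairs seen everywhere never appear. Rarity is not guilt, which is why the output is a list for an analyst to pivot on rather than an alert; the threshold is a knob to tune against fleet size.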
Two-pronged approach for threat detection
An effective threat detection strategy requires both people and technology. The human component is the security analysts who analyze trends, behavior, patterns, data, and reports and identify the deviations that indicate a potential threat.
Technology also plays a crucial role, though no single tool can do the job. Instead, a combination of tools deployed across the network works together to identify threats. A robust detection mechanism includes:
• Aggregating event data from across the network, including logins, network access, and authentications.
• Monitoring traffic patterns, both within the organization's network and to and from the internet, and understanding them.
• Detecting endpoint activity on users' machines to surface any malicious activity.
Seceon's Solution
• Use of a compromised credential is a clear indicator of an insider, or an attacker holding an insider's account, trying to gain access to information that could be misused. As shown in the screenshot below (aiSIEM Portal), a particular user was found logging into an unexpected host, a departure from that user's profiled behavior.
• Data exfiltration is another activity an insider may undertake. In this case there may be indicators such as a marked increase in communication with a high-value host. The techniques applied are similar to the Data Breach Detection use case.
Conclusion
By combining defensive strategies and methods, organizations increase their chances of detecting threats quickly and neutralizing them before any damage is done to the network. Cyber security is a continuous process, and providers like Seceon apply advanced artificial intelligence to the technology required for threat detection. They provide remediation platforms that go beyond traditional defense tools, which are often siloed. By providing comprehensive real-time analysis, they detect threats and eliminate them in real time.
Contact Us
Address -238 Littleton Road, Suite
#206,Westford, MA 01886, USA
Phone Number - +1 (978)-923-0040
Email Id - [email protected]
[email protected]
Website - https://www.seceon.com/