If 2018 belonged to AI becoming mainstream, it was also a year marked by high-profile cyber threats and breaches. In India, news of the Aadhaar breach caused a massive ripple, with stakeholders debating the privacy concerns. Details of Indian citizens, such as name, 12-digit unique ID and in some cases even bank account details, were accessed by hackers.
In the same year, Facebook, the social networking giant, invited the wrath of government agencies and the public alike when the alleged breach exposed the data of close to 50 million of its users. The attackers allegedly gained access to the users’ IDs by exploiting a feature in Facebook’s code.
With attackers ready to exploit every loophole in cyberspace, security breaches in 2019 are only going to be more ubiquitous. Taking all this into consideration, it has become important for organisations and governments to secure their existing cyber infrastructure.
Role of A Data Protector
Given the current cybersecurity landscape, the role of a threat hunter or cybersecurity threat analyst is only going to become more prominent in 2019, as attackers are going to turn to AI and ML as a means to target people.
A threat hunter is essentially a security professional who uses manual or machine-assisted techniques to detect security threats in automated systems that would have been overlooked by a CISO or CIO. In other words, s/he provides an additional layer of defence against advanced persistent threats (APTs).
One of the major aspects that define a threat hunter’s profession is the field of knowledge, as s/he is expected to have a thorough understanding of the working model of the business along with the creative skills to interpret and communicate data effectively. One of the primary roles of a threat hunter is to deal with a large pool of data from which the person has to mine, pool and extract an organisation’s metadata. Hence, a sound grasp of machine learning is a key attribute for discharging these duties efficiently.
To carry out these responsibilities, the cybersecurity threat analyst will have to work with different kinds of software and tools to identify threats and possible adversaries. S/he also has to constantly monitor security tools such as firewalls and antivirus, among many other key security features.
Though this job role is still at a nascent stage in India, several companies have already foreseen the role of a threat hunter in safeguarding their business and have acted upon it. Companies like IBM India, Infosys and HSBC are some of the prominent organisations that are presently on the lookout for threat hunters with a minimum of four to five years of experience to start off.
In this article, we enumerate the key roles and requirements for becoming a cybersecurity threat analyst:
- Working with statistical and intelligence analysis software
- Developing security solutions to find threats
- Assessing the magnitude of a security threat and then effectively communicating it to the enterprise
- Tracking and identifying threats and providing real-time security alerts
- Monitoring end-point data and collecting event logs
- Creating correlations to identify attackers
- Knowledge of QRadar/any SIEM solution, IOC discovery tools, intrusion detection systems etc.
- A sound knowledge of the incident response process, such as detecting advanced adversaries, log analysis using Splunk, ELK, or similar tools, and malware triage
- An understanding of coding languages: Perl, Python, Bash or Shell, PowerShell, or batch
- Knowledge of how operating systems such as Windows and Linux, and network protocols such as the TCP/IP stack, work
- A thorough understanding of the cybersecurity landscape including use cases and types of attack
- Strong knowledge of technical writing and documentation, as a threat hunter is required to prepare security reports on a regular basis
Though the growth forecast for Indian enterprises looks promising, the biggest challenge before them is the security of their digital assets. With companies investing millions of dollars to safeguard their assets, the role of a threat hunter or cybersecurity analyst is only going to be more pervasive in India. Meanwhile, the government’s push for initiatives such as Digital India, Aadhaar Card and Digital Locker would mean that a threat hunter’s role wouldn’t be entirely restricted to the private sector.