NBN Co is rejigging its approach to IT security by adopting the ‘cyber hunt’ methodology to detect and manage threats, and by building out a cyber threat intelligence capability.
The network builder revealed its thinking on addressing issues of cyber security this week, pointing to a more offensive posture and data-driven approach.
An NBN spokesperson would only say that the company “is continually working to build its cyber threat capability as we roll out the network across Australia.”
The concept of cyber hunt teams has been around for several years; the teams typically work on “longer range, data-driven investigations” of threats instead of real-time detection and mitigation.
Speartip CEO Jarrett Kolthoff blogged last year that cyber hunt team operations “should be viewed as a form of offensive counterintelligence”.
“Cyber hunt team operations should blend traditional counterintelligence techniques with new age, proprietary technical collection mediums to identify and exploit the adversary,” Kolthoff said.
NBN Co characterises the build-out of its cyber hunt capability and program as being designed “to detect, disrupt and eradicate threat actors from enterprise networks.”
The team will work closely with NBN Co's cyber security operations centre (CSOC), participating in “threat actor-based investigations, creating new detection methodology and providing expert support to incident response and monitoring functions”.
On the threat intelligence expansion, NBN Co said it planned to beef up its “tracking and analyses of emerging cyber threats that [it] may be subject to, both external and internal”.
“This will require developing, implementing and maintaining a threat intelligence strategy and approach,” the network builder said.
“It will also require building a framework for overall security analytics and intelligence.”
Investigators will focus on “disciplined tracking of threat actors, targets, and profiles, escalating and predicting threats, and summarising threat activity in reports to management”.
The strengthened threat intelligence capability would be “federated across multiple business operational units”, NBN Co said.