Hunting for Threats and the Future of Arizona Cybersecurity

Written by Tristan Ettleman

Security is paramount to ASU and UTO, and our Protect Arizona Initiative is a multi-year effort to increase collaboration across Arizona organizations. This dedication to protecting the University’s community, and beyond, most recently resulted in a “summit” of cyber security professionals coming together for a day of collaboration and Threat Hunting.

The conversation, conducted in partnership with CrowdStrike, connected like-minded individuals from across different sectors. People from city governments, private companies, public school districts, cyber security firms, other higher education institutions, and of course, ASU excitedly envisioned and discussed the future of cyber security at ASU’s Tempe campus on Wednesday, October 2nd.

“We are looking to solve global issues,” Deputy Chief Information Officer CISO, IT Governance, and Policy Tina Thorstenson said at the start of the event. With 13,000 new Sun Devils, some traveling from across the world, ASU strives to maintain one of its eight design aspirations: to be socially embedded. The Threat Hunting event was a microcosm of that goal, with CrowdStrike providing the resources and training to seek out bad actors from numerous countries that would like to illegally access wide swaths of secure information. Participants voiced their concerns and ideas about how best to protect their organizations’ environments, collaborating with the shared goal of increasing protection across the community.

CrowdStrike Senior Engineer Wes Bateman presided over an incredibly informative and useful threat hunting exercise for ASU staff and partners. “Threat hunting is a scientific method focused on hypothesis testing,” Bateman said. “It employs threat intelligence to search for indicators of historic intrusions.” Most importantly, threat hunting is an active process.

Bateman also debunked some myths about what threat hunting looks like. It does not equal waiting. There is a required structure and process. It doesn’t need vast amounts of data or cutting-edge technology. And it needs people. “Hunters” are skilled specialists who proactively solve problems rather than relying wholly on automated tools. We need threat hunting because of “the security problem, the people problem, and the detection problem,” as Bateman put it. The ideal place for threat hunting to happen is between a reactive and proactive posture. Threat hunting has a “need for speed,” but also context, and that balance was the focus of the technical challenge Bateman presented to attendees.

And the “challengers” rose to that challenge incredibly well. Groups paired up and took to their simulated, yet realistic, threat hunting environments with passionate, problem-solving attitudes.

Attendees didn’t just walk away with new, demonstrable, and practical knowledge, but also with the big ideas with which the cybersecurity field can expand its efficacy. Seven big topics were raised across the Threat Hunting workshop groups, and some key takeaways were:

  1. Cybersecurity professionals don’t like to admit to breaches, but for the purpose of forensics, they should be more open with reporting and provide open source tools from the community.

  2. The Internet of Things, the network of connected devices that now makes up our world, and the tracking of its use are on their way to more automated processes, the network security group stressed.

  3. “All roads lead to automation” was the key takeaway from a discussion on endpoint security.

  4. Community partnerships need to be built on communicating effectively to people not necessarily part of the “cyber arena.”

  5. Understanding that cyber security intelligence is not a uniform methodology, built upon the same tools for every organization and every need, was a big topic. Oh, and more automation.

  6. With such a demand for cyber security professionals and a smaller supply, the Threat Hunting participants agreed a more defined pathway should be cleared to engage students in cybersecurity.

  7. Finally, there is a risk in basing operations on third-party security, but partnering with the right organizations can augment and totally support cyber security operations at an institution like ASU.

And that is just the case with CrowdStrike and the tools and training they provided with the Threat Hunting event. Many participants walked away with stronger technical knowledge and a drive to improve cyber security processes at whatever organization they belong to, and potentially in partnership with ASU in order to expand the university’s goal of improving communities beyond its doors. Whether they sprang from conversations in the hallway or on the main stage, new ideas and conversations that will strengthen a local, regional, and global cybersecurity presence are sure to abound.

A final reception to wrap up the day was further emblematic of the event’s construction of a vision for the future of cybersecurity. The kick-off for November’s NICE (National Initiative for Cybersecurity Education) Conference also featured a panel moderated by Jamie Winterton, Director of Strategy for ASU’s Global Security Initiative. Accenture Senior Manager Tina Slankas, Paradise Valley School District IT Director Jeff Billings, and UTO Executive Director of Cloud and Advanced Network Timothy Summers discussed the “hot topics” hitting the cybersecurity world.

The timing of the event was no coincidence either. October is National Cyber Security Awareness Month, and UTO is creating content all month long. Students can even submit videos for Amazon gift card prizes. Check out the content and the process for submitting the videos at getprotected.asu.edu/think.