For today’s modern organisations, data has never been so valuable but, sadly, it’s also a valuable commodity for cyber criminals, asserts Anthony Perridge. The data held within your organisation is now more dynamic than ever. The bad news is that this very fact affords hackers multiple entry points from which to initiate a cyber attack that can have terrible consequences for the host organisation.
This has led companies to turn their attentions towards a defence-in-depth approach, implementing multiple layers of security to counter each and every one of their adversaries’ attacking moves. Defence-in-depth, though, has created a massive amount of data and an equally massive management challenge.
Faced with resource constraints and hiring challenges, security teams are falling behind. A different approach is needed to protect businesses, employees and customers: one based on applying context, prioritisation and automation to threat intelligence in order to accelerate security operations.
The pressure is firmly on C-Suite executives to reduce risk, improve defences and execute on strategic and tactical enterprise goals while at the same time staying on budget. As Chief Information Security Officers (CISOs) are responsible for every aspect of security, their decisions have the highest stakes involved and, crucially, they need something to base them on. This is where threat intelligence can make their lives infinitely easier.
Managing cyber threat context
In order to streamline threat operations and management programmes and accelerate security operations, large amounts of unmanageable threat data must be contextualised. Before launching any operation, you should be able to answer questions like: ‘Who?’, ‘What?’, ‘Where?’, ‘When?’, ‘How?’ and ‘Why?’
Managing context is a key first step in evolving your security posture from one that’s reactive and defensive to one that is proactive, augmented and prioritised using external cyber threat intelligence. To begin the process, data must be organised into actionable information about adversaries, the indicators of compromise that identify them, their tactics, techniques and procedures, and the events that occur both outside and inside your organisation’s network.
This will help you to understand the external threat landscape and make accurate decisions on processes that need to be improved, the type of vulnerabilities that should be addressed in the first instance, training that should be provided to employees, the security solutions in which you need to invest and so on.
Empower your team and respond quicker
Your team knows how crucial it is to respond quickly enough to threats. They know how much critical damage those threats can cause on the network. Deploying intelligence to your existing infrastructure is crucial for them to act in time and avoid or otherwise limit the damage of an attack. Threat intelligence empowers your teams to respond immediately to the latest industry threats, while also providing key performance indicators to demonstrate steady security regime improvement to key stakeholders and executive management alike.
A threat intelligence platform equips your team members to: collect, centralise and normalise external and internal threat data; contextualise threat data (turning it into threat intelligence); prioritise threat intelligence; accelerate detection and response to security incidents; reduce risk and improve security posture; and deploy actionable intelligence in order to maximise the value of existing security infrastructures.
Proactively managing threat intelligence helps to meet the needs of your team, which then allows you to drive more effective analysis and response while reducing risk. This minimises adversary dwell time, maintains a focus on only relevant and high-priority incidents and data and seamlessly integrates with existing security tools to enable a unified defence. All of these actions will considerably accelerate detection and response.
Save time (and money)
Your cyber security team members can also take advantage of threat intelligence to be more efficient and effective by working on higher priorities, such as reducing risk and efficiently protecting your network.
This type of solution offers prioritised cyber threat intelligence that filters out noise and reduces false positives, and it also reduces the workload. Another advantage of this platform is that manual tasks that used to be repetitive and time-consuming can also be consigned to the past as they can be automated through the platform. This means that your team members will not waste time chasing ghosts.
Such a platform enables you to only apply the relevant, high-priority threat intelligence automatically to a specific environment such that existing security technologies can perform more efficiently and effectively. With a single source of truth automatically shared across the infrastructure, you gain greater situational understanding, better decision-making and stronger security processes.
Create intelligent cyber security processes
Opting for a threat intelligence solution enables you to accelerate security operations through a streamlined threat operations and management regime that will hinge on a platform bringing it all together. That platform must be able to help you aggregate, operationalise and act upon the most relevant threats facing your organisation. Threat operations are achieved when you can rapidly bring together internal threat intelligence, event data and alerts with external threat intelligence and adversary information to provide context, prioritisation and automation that strengthens the configuration and policies of your security infrastructure and accelerates detection and response.
On top of that, given vast amounts of contextualised threat data from internal and external sources, the challenge is to make sure that it’s accurate (A), relevant (R) to your business and timely (T) enough to take meaningful action upon it. You need control to define these parameters. After all, who understands your environment and risk profile better — a vendor or yourself? The A.R.T. of cyber threat intelligence is to prioritise and best match the needs of your specific environment by combining automation with expert human analysis.
A threat intelligence platform provides CISOs with an effective way in which to understand cyber risk in real-time and gives them the ability to make better and faster decisions. Turning to this type of technology also removes the burden of going through manual processes and wasting valuable time.
Anthony Perridge is Vice-President (International) at ThreatQuotient