09 November 2017
Blogs by author: Ivelina Koleva, Cyber security portfolio strategy lead at BT
Threats today are dynamic and attack vectors are constantly changing, making for an ever-evolving threat landscape.
New frontiers of cyber crime are opening due to innovation, economies of scale, diverse threat actors' motivations, new sophistication and trends. And if that's not daunting enough, the average cost of cyber crime to business annually is increasing in double digits, according to recent reports.
This makes gaining visibility of the threats facing your organisation an imperative. Luckily, there's a myriad of threat monitoring products and solutions that can give you 24/7 alerts and visibility of threat events. As a rule of thumbs, these solutions are good at helping you prevent, detect and respond to threats.
But how can you predict threats before they damage and disrupt your business?
In this new reality, the collection and analysis of information pertaining to different malicious cyber actors is becoming more and more important. Today, threat intelligence (TI) is becoming essential for tackling cyber crime. Looking at the different types of techniques and tactics that threat actors employ, as well as what kind of data sets or organisations they would seek to target, can give you the upper hand when protecting your crown jewels.
There are a number of advantages to TI and here's my take on three of them.
Be context aware
Researching and understanding threats to your business can give you a realistic understanding of the risks facing your organisation. It’s an essential part of your preparation. For example, while every business faces the threat of ransomware, it’s important to understand that certain sectors are more regularly targeted.
TI allows you to contextualise threat events, which can be technical in content, and interpret them more effectively. It can provide information about the motivations, identities, characteristics and methods of attackers. TI can also help you develop informed tactics for current threats, and to plan for threats that may develop in the midterm future. Even the detection of hidden threats can become possible if an organisation is mature enough and can successfully employ a commercial TI service.
Prioritise your most concerning alarms
In your daily security operations, you want to make sure that your security talent — scarce as it is — is not over-utilised by 'chasing ghosts'. Security event monitoring solutions and further automation have freed up precious time to investigate the most pressing security incidents. However, the reduction of false-positives, fine-tuning, configuration and integration of many different security products is something many businesses still struggle with. TI can deliver aggregated content with a valuable narrative analysis, which can help your security operational teams diagnose and prioritise incidents more efficiently and effectively.
Inform your security strategy
TI can help organisations answer a spectrum of questions. From “Should I anticipate an attack? By whom? When? How?”, to “Who are the top adversaries targeting my organisation?”, to “Has any of our sensitive information already been leaked?”. More often than not, the better you get to understand your threat landscape, the more informed decisions can you make about:
- security budgets and more targeted future spending
- aligning your overall security programme to your landscape
- improving your architecture and monitoring capabilities to better predict, prevent, detect and respond to threats.
However, commercial TI offerings are not for every organisation. And indeed, they can also be expensive and difficult to justify with limited security budgets. Today, TI is also being integrated natively into products in most security technologies — from firewalls to SIEMs. There are also viable open standards, of which STIX/TAXII has gained popularity and become a leading example. Participation in private, public or industry-led TI sharing groups is also another option.
The value of TI can be tremendous, but it’s often constrained by the ability to afford, absorb, contextualise and, most importantly, respond to the information provided. Whatever you end up doing, don't just ride the hype of TI. Before you decide which option is best for you and proceed with any of them, take an honest assessment of your maturity and the stage that your security operations are at.
How ready are your security operations? Take this quick assessment and receive a free custom report to find out how to progress to the next level of security readiness.
Take this quick assessment to understand how ready your security operations are in comparison to your peers and receive a free custom report to find out how to progress to the next level of Security Readiness.
Download our report, “The cyber security journey – from denial to opportunity”, which looks at each of the stages businesses go through to gain true leadership in the management of their security risks.