How To Integrate Threat Intelligence

In a complicated, fast-paced cyber environment, it's difficult to hunt for vulnerabilities. Automating intelligence can really help you find them.

Integrating cyber threat intelligence (CTI) into a DevOps platform is critical to prevent, detect, respond, and predict cybersecurity threats in a more timely and cost-effective manner.

This is because integration allows automation of everyday tasks such as patch management and vulnerability scanning, allowing employees to turn their attention away from these automated tasks to focus on more complex problems and analyses.

Ideally, you will subscribe to threat feeds that have information specific to your systems, networks, or industry, because a power plant operator will want different kinds of threat information than a bank IT team. 

If your threat feed is specific to your environment, it could help automate the discovery of vulnerabilities and help you prioritise fixes. If you get a threat alert about a specific application you are running and you have information about how to remediate, it's more likely you can create an automated task to fix the vulnerability.

This automation of threat intelligence creates several benefits for an organization, such as the following:

•    Reducing the mean time to discovery of vulnerabilities and subsequent recovery.
•    More quickly lowering risk in your organization's overall security posture, which allows for quicker response to vulnerabilities or attacks
•    Preventing attackers from repeating attacks

Other areas where automation can provide value beyond vulnerable applications include:

•    Automatically feeding information to dashboards and reports
•    Removing bottlenecks so that your changes process more intelligently and faster
•    Reducing errors in DevOps systems configurations

Are you Integrating Cyber Threat Intelligence?

To determine if your organisation is integrating cyber-threat intelligence in a valuable way, consider this checklist:

•    Do you have real-time threat intelligence data feeds? Are you using a threat intelligence platform?
•    Can you glean intelligent courses of action from your intelligence feed?
•    Are you proactively sharing your intelligence with other business units in your organisation, at a minimum?
•    Are your analysts more efficient in that they aren't spending hours reading PDFs and emails?
•    Are you able to measure the time to respond and show it's decreasing?
•    Have you prevented the same attacks/malware from being repeated against various parts of your enterprise network?

If the answer to any of these questions is no, your organisation is leaving a lot on the table.

How Do You Create Cyberthreat Intelligence Integration?

The benefits are clear, and you've determined that your organization could improve CTI. What's next?

First, the basic requirements. You'll need a decent pipeline to start with by leveraging a continuous integration server (Jenkins is a good example). You'll also need a configuration management server (such as Chef). 

The requirements list also contains miscellaneous items such as central logging, a central vulnerability scanning system, and firewall management (or the ability to control your infrastructure using something like Terraform). You'll need a minimum of one threat feed, more if you can spare it, coming into your infrastructure in a central place. These basic requirements will all come together to create your threat intelligence platform (TIP). Now that the pieces are in place, you'll need to stick it all together with glue. You'll need a way for your TIP to auto-review the threat feeds and trigger off of the ones that matter to your environment. For example, technology on your stack can identify threat campaigns against Amazon Web Services, where your critical operations are running. Then you'll need a way to plug in the recommended action.

If the recommended action is to upgrade a software component, then you can have your TIP tell your configuration management tool to upgrade the NGINX Web server to a version that's not vulnerable. Chef can then deploy and upgrade NGINX on your hosts.

And lastly, you'll want to ensure you've automatically opened a ticket in your issue tracker (such as Jira) to track the work. Include logs of the actions taken in both your issue tracker and to your central logging service.

The benefits of integrated cyber-threat intelligence are clear. Whether you're just getting your DevOps program started or are looking to bring an existing one into the 21st century, it's a critical component of future success. 

Dark Reading

You Might Also Read:

Threat Intelligence Starter Resources:

Are Employees Your Weakest Link When It Comes To Security?:

Artificial Intelligence Gives Business Wings:

Find The Hacker With Action Security Intelligence:

 

« Cyberspies: The Secret History of Surveillance, Hacking And Digital Espionage
Uber In Legal Fight With Google »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Nutanix

Nutanix

The Nutanix enterprise cloud platform provides performance, robust security, and seamless application mobility for a broad range of enterprise applications.

Xcitium

Xcitium

Xcitium (formerly Comodo) is and industry leading provider of state-of-the-art endpoint protection solutions. Our Zero threat platform isolates and removes all ransomware & malware infectictions.

Elastic

Elastic

Elastic is the world's leading software provider for making structured and unstructured data usable in real time for search, logging, security, and analytics use cases.

Auxilium Cyber Security

Auxilium Cyber Security

Auxilium Cyber Security is independent information security consultancy company.

North European Cybersecurity Cluster (NECC)

North European Cybersecurity Cluster (NECC)

NECC promotes information security and cybersecurity-related cooperation and collaboration in the Northern European region in order to enhance integration into the European Digital Single Market.

Agility Networks

Agility Networks

Agility Networks is a technology company providing integrated services and solutions for Digital Transformation and Cyber Security.

Gigacycle

Gigacycle

Gigacycle is one of the leading IT disposal and recycling providers in the UK. We specialise in IT asset disposal (ITAD) and data destruction.

African Cyber Security

African Cyber Security

African Cyber Security and it's partners, have the expertise and skills to provide holistic solutions for companies, institutions and government.

CyberClan

CyberClan

CyberClan’s carefully selected team of experts is capable of solving complex cyber security challenges – keeping your data secure and your businesses running as usual.

NetSPI

NetSPI

NetSPI is an information security penetration testing and vulnerability assessment management advisory firm.

State Service of Special Communications & Information Protection of Ukraine (SSSCIP)

State Service of Special Communications & Information Protection of Ukraine (SSSCIP)

State Service of Special Communications and Information Protection is the technical security and intelligence service of Ukraine, under the control of the President of Ukraine.

Advantex Network Solutions

Advantex Network Solutions

Advantex Network Solutions are a leading provider in Mitel, IT Solutions, Networking, and iP surveillance.

HiSolutions

HiSolutions

HiSolutions is a renowned consulting firms for IT governance, risk & compliance in Germany, combining highly specialized know-how in the field with profound process competence.

Guardsman Cyber Intelligence (GCI)

Guardsman Cyber Intelligence (GCI)

GCI provides proven cyber intelligence solutions to protect your business against ever present physical and digital threats shadowing your online business.

BluSapphire

BluSapphire

BluSapphire is an industry-first, purpose-built, cloud-native, Hybrid XDR platform powered by AI and big data analytics.

Saudi Information Technology Company (SITE)

Saudi Information Technology Company (SITE)

SITE is a forward-thinking enterprise, which aims at revitalizing Saudi Arabia’s digital infrastructure, cybersecurity, software development, and big data and analytics capabilities.