The Science of Threat Intelligence

Threat intelligence, a discipline which is rooted in large-scale analytics, is defining a new attack detection technique that gives security organisations the ability “to recognise and act upon indicators of attack and compromise scenarios in a timely manner,” according to SANS Institute.

It’s a rifle-shot approach to a problem that has foiled previous shotgun tactics like locking down all the doors into the organisation.

Threat intelligence tools monitor network traffic and known vulnerability points to look for indicators of attacks as they progress. They then stitch this information together into a shared knowledge base that can be used to design prevention strategies at a macro level.

A simple example of a threat intelligence event is a failed login attempt. While unremarkable in isolation, a series of failed logins under the same username may indicate an attempted break-in. If the failures occur in rapid succession or if the login credentials show a pattern of easily guessed passwords, then it’s a good bet automation is at work and a large-scale attack may be imminent.

The rise of threat intelligence indicates a shift in the way organisations are thinking about security. But there are still daunting problems to solve. One is sorting out the vast amount of information that needs to be examined.

So it’s not surprising that a recent survey by the Ponemon Institute found that 68%of US IT security managers said their teams spend a significant amount of time chasing false positives. Only 32% prioritise alerts that need to be investigated. In other words, teams are in constant crisis mode, chasing signs of aberration without really understanding what they mean. Only 39% of the respondents to the Ponemon survey rated their ability to detect attacks as highly effective.

Thanks to big data, that may all be about to change. Dozens of vendors are working on solutions using the profusion of new big data analytics tools. These tools are still maturing, but they show great promise to work at the speed and scale that threat intelligence requires.

The good news, as reported by SANS Institute, is that 69% of respondent companies are implementing threat intelligence to some extent, though only about one-quarter are using it extensively. A 2015 Ponemon study found that one-third of security managers expect to increase their threat intelligence budgets significantly.

The greatest gains may actually come from a low-tech approach, however: sharing information. Like networks themselves, the value of threat intelligence grows as a function of the number of sources contributing information. But achieving that kind of harmony isn’t easy. Many companies are reluctant to disclose security information for fear that they could open themselves to attack or inadvertently reveal secrets. The Ponemon study found that only 24% of companies currently exchange threat intelligence with peers in the same industry.

Some vertical industry consortia are forming, and startups like TruStar are experimenting with anonymised reporting. But for now, most threat intelligence activities are confined behind the firewall. It doesn’t make sense for them to stay there, though. Like the open-source software that’s fueling the big data revolution, threat intelligence benefits most from an active community of contributors.

CSO

 

« Indian Police In A Cyberwar
The New US President Must Win the Cyber War On Terror »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Free Access: Cyber Security Supplier Directory listing 5,000+ specialist service providers.

Cylance Smart Antivirus

Cylance Smart Antivirus

An antivirus that works smarter, not harder, from BlackBerry. Lightweight, non-intrusive protection powered by artificial intelligence. BUY NOW - LIMITED DISCOUNT OFFER.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

FREE eBook: Practical Guide To Optimizing Your Cloud Deployments

FREE eBook: Practical Guide To Optimizing Your Cloud Deployments

AWS Marketplace eBook: Optimizing your cloud deployments to accelerate cloud activities, reduce costs, and improve customer experience.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

HackerOne

HackerOne

HackerOne was started by hackers and security leaders who are driven by a passion to make the internet safer.

Cloud Industry Forum (CIF)

Cloud Industry Forum (CIF)

Cloud Industry Forum is a non-profit industry body that champions and advocates the adoption and use of Cloud-based services by businesses and individuals.

Security Innovation

Security Innovation

Security Innovation is a leader in software security assessments and application security training to top organizations worldwide.

Exida

Exida

Exida is a leading product certification and knowledge company specializing in industrial automation system safety, security, and availability.

Security University

Security University

Security University is a leading provider of Qualified Hands-On Cybersecurity Education, Information Assurance Training and Certifications for IT and Security Professionals.

Cloud GRC

Cloud GRC

Cloud GRC is an innovative cybersecurity company with solutions and expertise in Cybersecurity Strategies & Frameworks, Threat & Risk Assessment, Cloud Security, and Regulatory Compliance Requirements

Newberry Group

Newberry Group

The Newberry Group provides comprehensive IT services and solutions that optimize operations, minimize risk and deliver measurable business value.

RealCISO

RealCISO

RealCISO is a CISO grade cloud platform to help companies understand, manage, and mitigate their cyber risk.