The Science of Threat Intelligence

Threat intelligence, a discipline rooted in large-scale analytics, is defining a new approach to attack detection that gives security organisations the ability “to recognise and act upon indicators of attack and compromise scenarios in a timely manner,” according to the SANS Institute.

It’s a rifle-shot approach to a problem that has foiled earlier shotgun tactics such as locking down every door into the organisation.

Threat intelligence tools monitor network traffic and known points of vulnerability for indicators of attacks in progress, then stitch that information into a shared knowledge base that can inform prevention strategies at a macro level.

A simple example of a threat intelligence event is a failed login attempt. While unremarkable in isolation, a series of failed logins against the same username may indicate an attempted break-in. If the failures arrive in rapid succession, or the attempted credentials follow a pattern of easily guessed passwords, automation is probably at work and a large-scale attack may be imminent.
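The failed-login reasoning above, worked through as detection logic over sample log lines. This is an added example, not code from the CSO article or from any vendor it mentions: the log line layout, the source addresses and usernames, and the thresholds are all constructed for the illustration. It keys on the two signals that are visible in ordinary authentication logs, failure rate against one account and, going one step beyond the paragraph, the number of distinct accounts tried from one source (password spraying); the attempted password values themselves are normally not logged, so the "easily guessed passwords" signal is deliberately left out.

```python
"""Detect automated credential attacks from failed-login events.

Added illustration, not the article's own code. The line format is invented,
syslog-like text; real sources (sshd, Windows event 4625, web application logs)
need their own parser but the windowing logic is the same.
"""
from __future__ import annotations

import re
from collections import defaultdict
from datetime import datetime, timedelta

# Invented format: "<ISO timestamp> auth <FAIL|OK> user=<name> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>FAIL|OK) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Thresholds are assumptions for the example, not figures from the article.
WINDOW = timedelta(seconds=60)  # sliding look-back window
USER_THRESHOLD = 5              # failures against one account inside WINDOW
SPRAY_THRESHOLD = 8             # distinct accounts tried from one source inside WINDOW


def parse(line: str) -> dict | None:
    """Parse one log line; return None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # malformed input is skipped, never guessed at
    event = m.groupdict()
    event["ts"] = datetime.fromisoformat(event["ts"])
    return event


def detect(lines: list[str]) -> list[dict]:
    """Return one alert per (kind, key) the first time a threshold is crossed.

    Failures are processed in timestamp order. A sliding window is kept per
    username (brute force against one account) and per source address
    (one source spraying many accounts).
    """
    events = [e for e in (parse(l) for l in lines) if e and e["result"] == "FAIL"]
    events.sort(key=lambda e: e["ts"])

    by_user: dict[str, list[datetime]] = defaultdict(list)
    by_src: dict[str, list[tuple[datetime, str]]] = defaultdict(list)
    alerted: set[tuple[str, str]] = set()
    alerts: list[dict] = []

    for e in events:
        now = e["ts"]

        # Brute force: many failures against the same account in a short window.
        hist = by_user[e["user"]]
        hist.append(now)
        hist[:] = [t for t in hist if now - t <= WINDOW]
        if len(hist) >= USER_THRESHOLD and ("bruteforce", e["user"]) not in alerted:
            alerted.add(("bruteforce", e["user"]))
            span = max((now - hist[0]).total_seconds(), 1)
            alerts.append({"kind": "bruteforce", "key": e["user"], "count": len(hist),
                           "rate_per_s": round(len(hist) / span, 2), "at": now.isoformat()})

        # Spray: one source cycling through many different accounts.
        src_hist = by_src[e["src"]]
        src_hist.append((now, e["user"]))
        src_hist[:] = [(t, u) for t, u in src_hist if now - t <= WINDOW]
        distinct = {u for _, u in src_hist}
        if len(distinct) >= SPRAY_THRESHOLD and ("spray", e["src"]) not in alerted:
            alerted.add(("spray", e["src"]))
            alerts.append({"kind": "spray", "key": e["src"], "count": len(distinct),
                           "at": now.isoformat()})
    return alerts


# Constructed sample: a human mistyping twice, a bot hammering "admin",
# and a second source spraying one guess across eight accounts.
SAMPLE_LINES = [
    "2024-03-01T09:00:00 auth FAIL user=alice src=10.0.0.5",
    "2024-03-01T09:00:07 auth FAIL user=alice src=10.0.0.5",
    "2024-03-01T09:00:15 auth OK user=alice src=10.0.0.5",
] + [
    f"2024-03-01T09:01:0{i} auth FAIL user=admin src=203.0.113.7" for i in range(6)
] + [
    f"2024-03-01T09:02:0{i} auth FAIL user={u} src=198.51.100.9"
    for i, u in enumerate(["bob", "carol", "dave", "erin", "frank", "grace", "heidi", "ivan"])
]


def run_sample() -> list[dict]:
    """Run the detector over the constructed sample and return its alerts."""
    return detect(SAMPLE_LINES)


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

Alice's two typos never reach the threshold, the admin attempts trigger a brute-force alert on the fifth failure (five in four seconds, a rate no human produces), and the spraying source is caught by account spread rather than per-account volume, which is exactly the case a per-username counter alone misses.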

The rise of threat intelligence indicates a shift in the way organisations are thinking about security. But there are still daunting problems to solve. One is sorting out the vast amount of information that needs to be examined.

So it’s not surprising that a recent survey by the Ponemon Institute found that 68% of US IT security managers said their teams spend a significant amount of time chasing false positives, and only 32% said they prioritise which alerts need to be investigated. In other words, teams are in constant crisis mode, chasing signs of aberration without really understanding what they mean. Only 39% of the respondents to the Ponemon survey rated their ability to detect attacks as highly effective.

Thanks to big data, that may all be about to change. Dozens of vendors are working on solutions using the profusion of new big data analytics tools. These tools are still maturing, but they show great promise to work at the speed and scale that threat intelligence requires.

The good news, as reported by the SANS Institute, is that 69% of respondent companies are implementing threat intelligence to some extent, though only about one-quarter are using it extensively. A 2015 Ponemon study found that one-third of security managers expect to increase their threat intelligence budgets significantly.

The greatest gains may actually come from a low-tech approach, however: sharing information. Like networks themselves, threat intelligence grows more valuable with the number of sources contributing to it. But achieving that kind of cooperation isn’t easy. Many companies are reluctant to disclose security information for fear that they could open themselves to attack or inadvertently reveal secrets. The Ponemon study found that only 24% of companies currently exchange threat intelligence with peers in the same industry.

Some vertical industry consortia are forming, and startups like TruStar are experimenting with anonymised reporting. But for now, most threat intelligence activity is confined behind the firewall. It doesn’t make sense for it to stay there, though. Like the open-source software that’s fuelling the big data revolution, threat intelligence benefits most from an active community of contributors.

CSO
