Clever thinking

Insight into every incoming threat is invaluable to a company's security posture, and it can be gathered through a combination of smart security strategies.

Intelligence is a strategic technology trend cited by global analysts Gartner for businesses in 2019. As businesses realise the value of collecting and analysing data, they are becoming data-driven enterprises.

"The value of data is something not to be underestimated," states Jaime Blasco, AVP of product development at AT&T Cybersecurity (formerly AlienVault). "Indeed, information overload typically has a bad connotation, but when it comes to protecting an organisation's network, it's an asset. High on the list of best practices and policies is threat intelligence, which allows security teams the visibility required to pinpoint specific threats."

In fact, the most common threat intelligence use case, cited by 58% of respondents in a 2018 report produced by Cybersecurity Insiders for AlienVault, was detecting threats and attacks. Other uses included incident response (49%), vulnerability management (45%), blocking threats (44%), and blocking malicious domains or IP addresses at egress points, such as firewalls and threat intelligence gateways (43%). Yet, according to the same report, almost 60% of respondents rated their organisations as only average or worse when it comes to threat intelligence effectiveness.

"Understanding where threats are coming from allows security leaders to better protect their networks and defend against full-blown attacks before they turn into record-breaking headlines," points out Blasco. "This key information about threats also helps improve incident response in both clarity and efficiency."

Constant risks like malspam, ransomware, phishing campaigns and infrastructure vulnerability mean that security teams face greater dangers than ever before. "Risk mitigation has never been more vital, yet many companies overlook this crucial step and quickly find themselves reacting, rather than responding. Thankfully, threat intelligence can quickly help soften the blow by providing better visibility into networks, allowing security leaders enough time to actually respond accordingly to each specific threat."

All of this is to say that the cyber threat landscape evolves quickly and organisations must reassess their current practices in order to stay ahead of the curve. "Threat intelligence plays a huge role here by allowing security teams to home in on specific threats and then use that data to determine how best to defend against those threats," he states. "Such insights also enable and empower security leaders to evolve internal policies and best practices as needed. This often means revamping current tools and solutions based on the unique data gathered from continuous threat intelligence insights."

The costs for implementing traditional threat intelligence solutions can be high. As the report points out, this appears to be a big challenge for the majority of companies, as 70% noted that they did not expect their budgets to increase, while only 20% said they did. Even worse, 6% expect a decrease over the next year. "However, companies that find themselves up against budgetary constraints can take some solace in the fact that there are free threat intelligence tools out there that can help them get this invaluable insight," says Blasco. "A 'neighbourhood watch' of sorts for enterprises, free and open sharing of threat data is collected from all over the globe helping researchers and cybersecurity professionals share and validate threat information in order to keep everyone safer."

It's not uncommon for security teams to burn through resources, scrambling to resolve security challenges. "As CSO Online points out, in situations like this, these challenges are not often aligned with critical business objectives. What's more, security teams may end up wasting time and money, only to discover that the organisation has been compromised by an attack from an unrecognised threat vector.

"It's paramount to understand where specific threats are coming from, in order to properly mitigate their associated risks. Without this kind of visibility, companies are essentially throwing darts without any perception of the actual target. To take full advantage of threat intelligence, security teams need to first determine the most critical business objectives and then align their efforts accordingly."

Each search should start with a clear understanding of the organisation's overarching goals, he advises. "This will also help when it comes to utilising resources by providing that the solutions or technologies required to improve threat intelligence are attainable ahead of time."

BEWARE OF OUTDATED TOOLS

With an ever-expanding and evolving threat landscape, security teams must fine-tune their tools and tactics. "The growth of cloud services and IoT devices presents even more opportunities for bad actors to break in. While reassessing the current toolkit is an important step, it's equally valuable to provide that teams aren't just beefing up quantity over quality. False positive outcomes from threat intelligence efforts further compound this issue."

When security programmes attempt to quarantine or delete files they deem to be a threat, this can be a big speed bump in the way of a company's growth, he further comments. "By identifying which tools in a network are making these assumptions, and removing or correcting them, false positive threat counts will decrease. It's vital to update or replace threat identifying programs to keep up with today's growing number of real threats." The bottom line? "Some tools might need to be entirely replaced, while others could benefit from improvements and updates."

With threat intelligence, security teams can better see the actions that are being taken on their networks. They can more easily detect and pinpoint potential issues before they develop into full-blown attacks. "This likely explains why 77% of respondents to the report said threat intelligence is very or extremely important to their organisations' security posture," Blasco concludes.

"This kind of insight also makes it exponentially easier to respond to each threat, based on the risk involved. Because each threat is different, each response should be tailored to address the specific needs involved and threat intelligence makes this possible. Above all, reducing cyber risk and improving security posture means embracing the most effective tools and monitoring the latest trends. Threat intelligence can be a boon for this, as long as security leaders maintain constant access and visibility into their networks."