CSO Threat Intelligence Survival Guide

Mar 18, 2016 | 5 mins
Cybercrime, Data and Information Security, Security

If enterprises want to understand how they can better invest in security defenses, build the necessary processes to respond to attacks, and mitigate the risks of a breach, they need to get threat intelligence right.

Enterprises are trying to learn as much as they can about the threats their organizations face and how well (or not) they may be defended against them. This is one of the reasons why the threat intelligence security services spending market is set, according to market research firm IDC, to reach $1.4 billion in 2018, up from $905 million in 2014.

As colleague Tony Bradley wrote in his post Cyber threat intelligence is crucial for effective defense, not all threats are created equally, and not all threats would have the same impact on an organization if they were successful. “It’s important for companies to be aware of all potential threats, but threat intelligence goes a step further and allows those companies to dedicate security resources to strengthen defenses where necessary to strengthen the security posture against the attacks that are most likely to actually occur,” Bradley wrote.

Good threat intelligence is comprehensible and actionable. It means having good situational awareness of your enterprise controls, as well as comprehending the past actions, abilities, and motives of likely attackers. This kind of awareness will help you know what data to protect and how, and it can also help your organization best guide its security investments. It will also help security analysts’ response teams more effectively prioritize security alerts and security event notifications.

As Grayson Milbourne, security intelligence director at Webroot, said in the story Threat Intelligence Needs to Grow Up, what is most important for enterprises to be aware of when it comes to threats are those that matter to their own environments. “We need to be looking at how often these threats are encountered in the world. Eighty percent of threats aren’t even prevalent anymore,” Milbourne said.

Good threat intelligence is also based on evidence about potential threats to the data, interests, and ability to conduct business. In reading this data, noise and superfluous information are plentiful, and it’s hard to focus on what matters. There is so much data about threats, vulnerabilities, and security event alerts pouring in that it’s easy to just stop paying attention. As colleague Steve Ragan wrote in his post Information Overload: Finding Signals in the Noise, “Signal-to-noise ratios are hard to manage. As a security professional, you want the threat data, you want the attack notifications and alerts, and you need intelligence. But, when there’s too much coming in, those alerts and notifications fall to the wayside. They’re easily dismissed and ignored.”

That’s why it’s important that threat intelligence gets done right. Getting it wrong sets enterprises up to fail in their security efforts by leading them to make bad decisions. This is especially true as enterprise technology is moving so swiftly with cloud, mobile, and IoT. Threat intelligence is how enterprise security teams can understand how to better invest in security defenses, build the necessary processes, and mitigate the risks of attack.

With all of that in mind, we’ve assembled the following collection of stories to help you succeed in understanding the threats that face your enterprise and how to begin to reduce them:

5 steps to incorporate threat intelligence into your security awareness program

Incorporating threat intelligence can significantly improve the effectiveness of your security awareness program, if you do it correctly.

Cyber threat intelligence is crucial for effective defense

A new Ponemon report commissioned by Webroot underscores the importance of threat intelligence in developing a strong security posture.

Threat Intelligence: Emerging as a Key Element in Defense

Threat intelligence technology is a critical component to a successful Web security strategy. A recent IDG Research Services survey found that the number of IT execs who plan to deploy threat intelligence technologies is increasing.

Decoding threat intelligence

There is much confusion about threat intelligence. Many of the organizations that need it don’t have the elements in place to process the information and make it actionable.

Threat intelligence needs to grow up

Security teams are overwhelmed with a massive amount of threat data. While a decade ago no one was talking about threat intelligence except government agencies, organizations are now bombarded with threat data, leaving them challenged with identifying what is relevant.

Threat intelligence systems that deliver accurate and actionable information about cyberthreats can help IT end an attack before real damage is done.

CISA won’t do much to turn threat intelligence into action

With the Cybersecurity Information Sharing Act (CISA), the feds are trying to make it more attractive to share threat intelligence, but it won’t do much to help businesses deal with the high cost of sorting through what can be an overwhelming flow of possible security incidents.

How to use threat intel to boost mobile security

Integrating threat intelligence feeds with mobile device management platforms can shore up BYOD security.

Threat Intelligence firm mistakes research for nation-state attack

A Bloomberg story, backed by data collected by threat intelligence firm ThreatStream, mistakenly identified scans by a security researcher as a nation-state attack. According to the data, Chattanooga, Tenn., is second only to Beijing in terms of scaled attacks.

Information vs. Intelligence: Anonymous targets the banking industry

We’ve covered a good deal of what is and what isn’t threat intelligence this week from the show floor at the RSA Conference. So for today’s second post, we’ll focus on a threat advisory from Solutionary, which warns of a planned operation against the finance sector by Anonymous called OpIcarus.

Information overload: Finding signals in the noise

Signal-to-noise ratios are hard to manage. As a security professional, you want the threat data, you want the attack notifications and alerts, and you need intelligence. But, when there’s too much coming in, those alerts and notifications fall to the wayside.

Malware Intelligence: Making it actionable

Kevin Liston at the SANS Internet Storm Center explores more useful ways to deal with malware intelligence.

REVIEW: Threat Intelligence could turn the tide against cybercriminals

We review security products from ThreatConnect, ThreatStream, Soltra, Arbor Networks and iSIGHT Partners.