How Effective Is Your Threat Intelligence?
Threat intelligence is information an organisation uses to understand the threats that have, will, or are currently targeting the organisation. This information is used to prepare, prevent, and identify cyber threats looking to take advantage of valuable resources.
Threat intelligence solutions gather raw data about emerging or existing threat actors and threats from a number of sources. This data is then analysed and filtered to produce threat intel feeds and management reports that contain information that can be used by automated security control solutions. The primary purpose of this type of security is to keep organisations informed of the risks they face.
Digital technologies lie at the heart of nearly every industry today. The automation and greater interconnection they offer have revolutionised the world’s economic and cultural institutions, but they’ve also brought risk in the form of cyber attacks.
Threat intelligence is knowledge that allows you to prevent or mitigate those attacks. Rooted in data, threat intelligence provides context, like who is attacking you, what their motivation and capabilities are, and what indicators of compromise in your systems to look for, that helps you make informed decisions about your security.
The accreditation and certification body for the technical security industry CREST has developed a new maturity assessment tool for Cyber Threat Intelligence (CTI) programmes.
The licence-free tool will help organisations to predict, prepare for, detect and respond to potential attacks through more effective CTI programmes. This new Cyber Threat Intelligence Maturity Assessment Tool provides continuous and effective analysis of a CTI programme in terms of people, processes and technology and supports the adoption of a systematic, structured approach to intelligence gathering. Development of the CREST tool was led by the CTIPs (CREST Threat Intelligence Professionals) group with support of its members, industry bodies and suppliers of expert technical security services.
It is based on the 18 steps within the four-phase CTI capability programme presented in the CREST CTI Management Guide.
As different private and public sector organisations require different levels of CTI maturity, the CREST tool reviews maturity against actual requirements and compares it with other similar organisations.
While organisations with a mature CTI programme may manage most of their operations in-house, those who are less mature may depend entirely on third parties.
A weighting factor can be set to give the results for particular steps more importance than others. The selected levels of maturity are displayed graphically for each of the four phases and overall, with calculations that take account of both the level of maturity selected for each step and the given weighting. “For many companies and organisations, threat intelligence is a relatively new but increasingly essential tool in the battle against cybercrime... So, it is vital that those responsible for CTI programmes can measure the maturity and effectiveness of their programmes against standardised metrics relevant to both their business and the level of threat." said Ian Glover, president of CREST.
The best solutions use machine learning to automate data collection and processing, integrate with your existing solutions, take in unstructured data from disparate sources, and then connect the dots by providing context on indicators of compromise (IoCs) and the tactics, techniques, and procedures (TTPs) of threat actors.
Many of the most common third-party risk management practices employed today are lagging behind security requirements. Static assessments of risk, like financial audits and security certificate verifications, are still important, but they often lack context and aren’t always timely. There’s a need for a solution that offers real-time context on the actual threat landscape.
Threat intelligence is one way to do just that. It can provide transparency into the threat environments of the third parties you work with, providing real-time alerts on threats and changes to their risks and giving you the context you need to evaluate your relationships.
For more information and advice on undertaking a Cyber Audit contact Cyber Security Intelligence.
Information Security Buzz: Recorded Future: ForcePoint:
You Might Also Read:
Redefining OSINT To Win The Cybercrime War:
The Scope Of A Cyber Security Audit: