How To Integrate Threat Intelligence

In a complicated, fast-paced cyber environment, it's difficult to hunt for vulnerabilities. Automating intelligence can really help you find them.

Integrating cyber threat intelligence (CTI) into a DevOps platform is critical to prevent, detect, respond, and predict cybersecurity threats in a more timely and cost-effective manner.

This is because integration allows automation of everyday tasks such as patch management and vulnerability scanning, allowing employees to turn their attention away from these automated tasks to focus on more complex problems and analyses.

Ideally, you will subscribe to threat feeds that have information specific to your systems, networks, or industry, because a power plant operator will want different kinds of threat information than a bank IT team. 

If your threat feed is specific to your environment, it could help automate the discovery of vulnerabilities and help you prioritise fixes. If you get a threat alert about a specific application you are running and you have information about how to remediate, it's more likely you can create an automated task to fix the vulnerability.

This automation of threat intelligence creates several benefits for an organization, such as the following:

•    Reducing the mean time to discovery of vulnerabilities and subsequent recovery.
•    More quickly lowering risk in your organization's overall security posture, which allows for quicker response to vulnerabilities or attacks
•    Preventing attackers from repeating attacks

Other areas where automation can provide value beyond vulnerable applications include:

•    Automatically feeding information to dashboards and reports
•    Removing bottlenecks so that your changes process more intelligently and faster
•    Reducing errors in DevOps systems configurations

Are you Integrating Cyber Threat Intelligence?

To determine if your organisation is integrating cyber-threat intelligence in a valuable way, consider this checklist:

•    Do you have real-time threat intelligence data feeds? Are you using a threat intelligence platform?
•    Can you glean intelligent courses of action from your intelligence feed?
•    Are you proactively sharing your intelligence with other business units in your organisation, at a minimum?
•    Are your analysts more efficient in that they aren't spending hours reading PDFs and emails?
•    Are you able to measure the time to respond and show it's decreasing?
•    Have you prevented the same attacks/malware from being repeated against various parts of your enterprise network?

If the answer to any of these questions is no, your organisation is leaving a lot on the table.

How Do You Create Cyberthreat Intelligence Integration?

The benefits are clear, and you've determined that your organization could improve CTI. What's next?

First, the basic requirements. You'll need a decent pipeline to start with by leveraging a continuous integration server (Jenkins is a good example). You'll also need a configuration management server (such as Chef). 

The requirements list also contains miscellaneous items such as central logging, a central vulnerability scanning system, and firewall management (or the ability to control your infrastructure using something like Terraform). You'll need a minimum of one threat feed, more if you can spare it, coming into your infrastructure in a central place. These basic requirements will all come together to create your threat intelligence platform (TIP). Now that the pieces are in place, you'll need to stick it all together with glue. You'll need a way for your TIP to auto-review the threat feeds and trigger off of the ones that matter to your environment. For example, technology on your stack can identify threat campaigns against Amazon Web Services, where your critical operations are running. Then you'll need a way to plug in the recommended action.

If the recommended action is to upgrade a software component, then you can have your TIP tell your configuration management tool to upgrade the NGINX Web server to a version that's not vulnerable. Chef can then deploy and upgrade NGINX on your hosts.

And lastly, you'll want to ensure you've automatically opened a ticket in your issue tracker (such as Jira) to track the work. Include logs of the actions taken in both your issue tracker and to your central logging service.

The benefits of integrated cyber-threat intelligence are clear. Whether you're just getting your DevOps program started or are looking to bring an existing one into the 21st century, it's a critical component of future success. 

Dark Reading

You Might Also Read:

Threat Intelligence Starter Resources:

Are Employees Your Weakest Link When It Comes To Security?:

Artificial Intelligence Gives Business Wings:

Find The Hacker With Action Security Intelligence:

 

« Cyberspies: The Secret History of Surveillance, Hacking And Digital Espionage
Uber In Legal Fight With Google »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

iTrinegy

iTrinegy

iTrinegy is a world leader in Application Risk Management offering solutions to mitigate all networked application deployment risks

Optimum Insurance

Optimum Insurance

Optimum's Cyber Risk & Data Protection Insurance policies are designed to protect against cyber exposures that arise when a company’s data and customer information is breached or stolen.

Guidewire

Guidewire

Guidewire Cyence™ Risk Analytics is a cloud-native economic cyber risk modeling solution built to help the insurance industry quantify cyber risk exposures.

EdgeWave

EdgeWave

EdgeWave provides simple but highly effective data security and advanced threat protection in solutions that are affordable, scalable and easy to use.

Arsenal Recon

Arsenal Recon

Arsenal Recon are digital forensics experts, providing consultancy services and powerful software tools to improve the analysis of electronic evidence.

Redshift Consulting

Redshift Consulting

Redshift is an information management and information security consulting company offering a full range of services from infrastructure design to security assessments and network monitoring.

National Cyber Security Agency (NACSA) - Malaysia

National Cyber Security Agency (NACSA) - Malaysia

NACSA is the leading government agency in Malaysia responsible for the development and implementation of national cyber security management policie and strategies.

FRSecure

FRSecure

FRSecure is a full-service information security management company that protects sensitive, confidential business information from unauthorized access, disclosure, distribution and destruction.

Pipeline Security

Pipeline Security

Pipeline is a leader in cybersecurity, offering comprehensive services to protect organizations from evolving threats.

Italtel

Italtel

Italtel is a multinational ICT company that combines networks and communications services with the ability to innovate and develop solutions for digital transformation.

Patriot Cyber Defense

Patriot Cyber Defense

Patriot Cyber Defense is a Cyber Security and Management Consulting professional services firm.

Cybersecurity Maturity Model Certification Center of Excellence (CMMC COE)

Cybersecurity Maturity Model Certification Center of Excellence (CMMC COE)

CMMC COE is an IT-AAC sponsored public–private partnership that will be the focal point for entities seeking to achieve Cybersecurity Maturity Model Certification.

CloudDefense.AI

CloudDefense.AI

CloudDefense.AI is an industry-leading multi-layered Cloud Native Application and Protection Platform (CNAPP) that safeguards your cloud infrastructure and cloud-native apps,

Insurica

Insurica

INSURICA is a full-service insurance agency built upon a tradition of integrity, industry leadership, and excellence.

Omdia

Omdia

Omdia is a technology research and advisory group. Our deep knowledge of tech markets combined with our actionable insights empower organizations to make smart growth decisions.

Linx Security

Linx Security

The Linx Identity Security platform enables identity, security, and IT ops teams to finally control the whole identity lifecycle.