The Science of Threat Intelligence

Threat intelligence, a discipline which is rooted in large-scale analytics, is defining a new attack detection technique that gives security organisations the ability “to recognise and act upon indicators of attack and compromise scenarios in a timely manner,” according to SANS Institute.

It’s a rifle-shot approach to a problem that has foiled previous shotgun tactics like locking down all the doors into the organisation.

Threat intelligence tools monitor network traffic and known vulnerability points to look for indicators of attacks as they progress. They then stitch this information together into a shared knowledge base that can be used to design prevention strategies at a macro level.

A simple example of a threat intelligence event is a failed login attempt. While unremarkable in isolation, a series of failed logins under the same username may indicate an attempted break-in. If the failures occur in rapid succession or if the login credentials show a pattern of easily guessed passwords, then it’s a good bet automation is at work and a large-scale attack may be imminent.

The rise of threat intelligence indicates a shift in the way organisations are thinking about security. But there are still daunting problems to solve. One is sorting out the vast amount of information that needs to be examined.

So it’s not surprising that a recent survey by the Ponemon Institute found that 68%of US IT security managers said their teams spend a significant amount of time chasing false positives. Only 32% prioritise alerts that need to be investigated. In other words, teams are in constant crisis mode, chasing signs of aberration without really understanding what they mean. Only 39% of the respondents to the Ponemon survey rated their ability to detect attacks as highly effective.

Thanks to big data, that may all be about to change. Dozens of vendors are working on solutions using the profusion of new big data analytics tools. These tools are still maturing, but they show great promise to work at the speed and scale that threat intelligence requires.

The good news, as reported by SANS Institute, is that 69% of respondent companies are implementing threat intelligence to some extent, though only about one-quarter are using it extensively. A 2015 Ponemon study found that one-third of security managers expect to increase their threat intelligence budgets significantly.

The greatest gains may actually come from a low-tech approach, however: sharing information. Like networks themselves, the value of threat intelligence grows as a function of the number of sources contributing information. But achieving that kind of harmony isn’t easy. Many companies are reluctant to disclose security information for fear that they could open themselves to attack or inadvertently reveal secrets. The Ponemon study found that only 24% of companies currently exchange threat intelligence with peers in the same industry.

Some vertical industry consortia are forming, and startups like TruStar are experimenting with anonymised reporting. But for now, most threat intelligence activities are confined behind the firewall. It doesn’t make sense for them to stay there, though. Like the open-source software that’s fueling the big data revolution, threat intelligence benefits most from an active community of contributors.

CSO

 

« Indian Police In A Cyberwar
The New US President Must Win the Cyber War On Terror »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

RCMP Cybercrime Strategy

RCMP Cybercrime Strategy

The RCMP Cybercrime Strategy sets out in an Operational Framework and Action Plan to combat cybercrime.

Robert Half Technology

Robert Half Technology

Robert Half Technology offers a full spectrum of technology staffing solutions to meet contract and full-time IT recruitment needs.

CyberOwl

CyberOwl

CyberOwl builds on cutting-edge research and combines decades of experience in developing, securing and operating large distributed systems.

Viscount Systems

Viscount Systems

Viscount Systems is a global security software solutions company that is changing the way access control is deployed and managed in the enterprise.

GulfTalent

GulfTalent

GulfTalent is the leading job site for professionals in the Middle East and Gulf region covering all sectors and job categories, including cybersecurity.

Sum&Substance (Sumsub)

Sum&Substance (Sumsub)

Sum&Substance is a developer of remote verification solutions. Our technology allows online services around the world to meet regulatory requirements, prevent fraud and enhance customer confidence.

Cyber Security Advisor

Cyber Security Advisor

Notice how sophisticated the cybersecurity market is. Think how would you pick the security provider, assess your company, and be sure of your security decisions? Cyber Security Advisor is the answer!

Boeing

Boeing

Boeing is the world's largest aerospace company and leading manufacturer of commercial jetliners, defense, space and security systems.

Talon Cyber Security

Talon Cyber Security

Talon delivers the leading enterprise browser designed to bring security to managed and unmanaged devices, regardless of location, device type or operating system.

MorganFranklin Consulting

MorganFranklin Consulting

MorganFranklin Consulting is a management advisory firm that works with businesses and government to address complex and transformational technology and business objectives including cybersecurity.

Sparrow

Sparrow

Sparrow specializes in application security testing solutions to cope with new technology trends such as cloud, mobile, and DevSecOps.

CYMOTIVE Technologies

CYMOTIVE Technologies

Combining Israeli cyber innovation with a century of German automotive engineering. CYMOTIVE operates under the assumption that connectivity is a game changer for the automotive industry.

Recon InfoSec

Recon InfoSec

The Recon InfoSec team includes analysts, architects, engineers, intrusion specialists, penetration testers, and operations experts.

NexGen Cyber

NexGen Cyber

NexGen Cyber helps customers in commercial SMB markets with IT security, security integration, service management, outsourced service transition, and transformative security solutions.

PingSafe

PingSafe

PingSafe is creating the next-generation cloud security platform powered by attackers' intelligence, providing coverage for vulnerabilities that traditional security solutions would otherwise overlook

Reach Security

Reach Security

Reach is the first generative AI platform purpose-built to empower enterprise security teams. With Reach, organizations measure, manage, and improve their enterprise security posture at scale.