The Science of Threat Intelligence

Threat intelligence, a discipline rooted in large-scale analytics, is defining a new attack detection technique that gives security organisations the ability “to recognise and act upon indicators of attack and compromise scenarios in a timely manner,” according to SANS Institute.

It’s a rifle-shot approach to a problem that has foiled previous shotgun tactics like locking down all the doors into the organisation.

Threat intelligence tools monitor network traffic and known vulnerability points to look for indicators of attacks as they progress. They then stitch this information together into a shared knowledge base that can be used to design prevention strategies at a macro level.

A simple example of a threat intelligence event is a failed login attempt. While unremarkable in isolation, a series of failed logins under the same username may indicate an attempted break-in. If the failures occur in rapid succession or if the login credentials show a pattern of easily guessed passwords, then it’s a good bet automation is at work and a large-scale attack may be imminent.
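To make the failed-login example concrete, here is a small sliding-window detector added for this article (it is not from the original piece, CSO or SANS). It runs over a handful of constructed event lines: the hypothetical application that emits them records the timestamp, username, source IP and a `common_pw` flag saying whether the rejected password was on its common-password list, so the attempted password itself is never written to the log. An alert fires when one username accumulates a burst of failures inside the window, and the alert is marked as probable automation when most of those attempts also used an easily guessed password.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample events (not real logs). One line per authentication attempt
# from a hypothetical application; the password itself is never logged, only a
# boolean saying whether it was on the application's common-password list.
SAMPLE_EVENTS = [
    "2024-05-01T10:00:00 FAILED user=alice ip=203.0.113.5 common_pw=false",
    "2024-05-01T10:00:02 FAILED user=alice ip=203.0.113.5 common_pw=true",
    "2024-05-01T10:00:03 FAILED user=alice ip=203.0.113.5 common_pw=true",
    "2024-05-01T10:00:04 FAILED user=alice ip=203.0.113.5 common_pw=true",
    "2024-05-01T10:00:05 FAILED user=alice ip=203.0.113.5 common_pw=true",
    "2024-05-01T10:10:00 SUCCESS user=carol ip=192.0.2.9",
    "2024-05-01T10:20:00 FAILED user=bob ip=198.51.100.7 common_pw=false",
    "2024-05-01T10:45:00 FAILED user=bob ip=198.51.100.7 common_pw=false",
    "2024-05-01T11:30:00 FAILED user=bob ip=198.51.100.7 common_pw=false",
]


def parse_event(line):
    """Parse one event line into a dict; return None for anything that is not a failure."""
    parts = line.split()
    if len(parts) < 3 or parts[1] != "FAILED":
        return None
    fields = dict(p.split("=", 1) for p in parts[2:])
    return {
        "ts": datetime.fromisoformat(parts[0]),
        "user": fields["user"],
        "ip": fields.get("ip", "?"),
        "common_pw": fields.get("common_pw", "false") == "true",
    }


def detect_bursts(lines, threshold=5, window_seconds=60, common_ratio=0.5):
    """Sliding-window count of failed logins per username.

    An alert is raised the first time a username reaches `threshold` failures
    within `window_seconds`. `automation_suspected` is set when, in addition,
    at least `common_ratio` of those attempts used a common password: the
    rapid-succession-plus-guessable-password pattern the article describes.
    """
    events = [e for e in map(parse_event, lines) if e]
    events.sort(key=lambda e: e["ts"])
    recent = defaultdict(deque)  # username -> failures still inside the window
    alerted = set()
    alerts = []
    for ev in events:
        q = recent[ev["user"]]
        q.append(ev)
        # Drop failures that have aged out of the window.
        while (ev["ts"] - q[0]["ts"]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold and ev["user"] not in alerted:
            alerted.add(ev["user"])  # one alert per burst, not one per event
            ratio = sum(e["common_pw"] for e in q) / len(q)
            alerts.append({
                "user": ev["user"],
                "count": len(q),
                "first": q[0]["ts"].isoformat(),
                "last": ev["ts"].isoformat(),
                "source_ips": sorted({e["ip"] for e in q}),
                "common_pw_ratio": ratio,
                "automation_suspected": ratio >= common_ratio,
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_bursts(SAMPLE_EVENTS):
        print(alert)
```

With the defaults only `alice` trips the detector: five failures in five seconds, four of them with a common password. `bob` has three failures spread over more than an hour, which stays below the threshold unless the window is widened; even then the alert is not flagged as automation, because none of the attempts used a guessable password. The two knobs are deliberately separate so that a tired human mistyping a passphrase and a scripted credential-guessing run produce different alert shapes.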

The rise of threat intelligence indicates a shift in the way organisations are thinking about security. But there are still daunting problems to solve. One is sorting out the vast amount of information that needs to be examined.

So it’s not surprising that a recent survey by the Ponemon Institute found that 68% of US IT security managers said their teams spend a significant amount of time chasing false positives. Only 32% prioritise alerts that need to be investigated. In other words, teams are in constant crisis mode, chasing signs of aberration without really understanding what they mean. Only 39% of the respondents to the Ponemon survey rated their ability to detect attacks as highly effective.

Thanks to big data, that may all be about to change. Dozens of vendors are working on solutions using the profusion of new big data analytics tools. These tools are still maturing, but they show great promise to work at the speed and scale that threat intelligence requires.

The good news, as reported by SANS Institute, is that 69% of respondent companies are implementing threat intelligence to some extent, though only about one-quarter are using it extensively. A 2015 Ponemon study found that one-third of security managers expect to increase their threat intelligence budgets significantly.

The greatest gains may actually come from a low-tech approach, however: sharing information. Like networks themselves, the value of threat intelligence grows as a function of the number of sources contributing information. But achieving that kind of harmony isn’t easy. Many companies are reluctant to disclose security information for fear that they could open themselves to attack or inadvertently reveal secrets. The Ponemon study found that only 24% of companies currently exchange threat intelligence with peers in the same industry.

Some vertical industry consortia are forming, and startups like TruStar are experimenting with anonymised reporting. But for now, most threat intelligence activities are confined behind the firewall. It doesn’t make sense for them to stay there, though. Like the open-source software that’s fueling the big data revolution, threat intelligence benefits most from an active community of contributors.

CSO
