Adding threat intelligence to the security mix

Today’s threat landscape is so complex and fast-paced that it is impossible to prevent every threat or attack. The criminal organisations behind cybercrime are well-funded, and have the technical skills to stay ahead of mitigation tools and techniques. They target technologies and human weakness to find their way into corporate networks.

 

Simon Campbell-Young, Sales Director at Credence Security, says this is compounded by the fact that companies rely heavily on technology and connectivity, putting their data and systems at risk. “And these risks are not just about money – over and above financial losses, there is catastrophic damage to reputation to consider, as well as steep regulatory fines which can see a business close its doors, permanently.”

 

He says one thing is certain, and that is that no organisation, either public or private sector, can hope to match the resources of today’s cyber criminals. “No sooner has a business got a handle on one type of threat, another raises its ugly head. Cybercriminals are constantly changing their tactics, widening the attack surface, and developing new tools and techniques to bypass even the most sophisticated security solutions.”

 

This is where threat intelligence comes in. Gartner describes threat intelligence as: “Evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard.”

 

Campbell-Young says threat intelligence can have a significant impact on a company’s ability to anticipate security incidents before they happen. In turn, this enables it to react more quickly to mitigate any potential damage, put defence tools in place before the attack, and proactively fight a breach when it occurs.

 

“Having insight into who might be behind the attack will enable an organisation to act decisively and appropriately, knowing how to handle a specific advanced persistent threat (APT), as they will already know how it works, and can block the avenues it uses to infiltrate the network. For example, a certain cyber criminal group will be known to target specific types of information or systems, and a business can allocate defence resources accordingly.”

 

Businesses today simply must find a way to add threat intelligence into their security strategies, and integrate it into every aspect of security operations, he says. Threat intelligence will provide the necessary information that could indicate the business is in danger of a breach. “It looks for specific indicators, and known cyber criminal activity, offering situational awareness and a deep understanding of the threat landscape. It gives insight into who might see your business as an attractive target, and what they might be after.”

 

However, it goes beyond simply gathering this type of information, he adds. “Threat intelligence must be fully integrated, and tailored to offer actionable, accurate, relevant and timely reporting on any potential dangers. It isn’t a silver bullet by any means – it’s about the best guess. By understanding the past, it can help to predict the future, and highlight any probable targets for hackers. Essentially, it’s keeping an outward eye on the global threat landscape, to help a business prepare the strongest defences possible.”

 

According to Campbell-Young, threat intelligence is about predicting what is likely to happen, based on several different factors, which gives the security team the ability to be proactive in defence and on the look-out.

 

Adding threat intelligence into the security mix guarantees that all possible bases are covered, and the organisation is in the best position not only to prevent breaches, but also to identify a breach that is taking place in enough time to mitigate and manage the situation. This will ensure that no valuable data is compromised, and with it, the company’s reputation.