Threat-intelligence role grows as new threat sharing, analytics opportunities expand CSO toolkits

The recent launches of a slew of new threat-analytics services have rapidly expanded options for CSOs who are being increasingly exhorted to improve their monitoring and analysis of their ongoing data-security situations.

Threat-intelligence firm BrightPoint Security, for one, recently released its Sentinel Security Command Platform, which expands threat-intelligence data and is supported by BrightPoint Security Exchange, a threat-sharing platform that uses patented proprietary technology to facilitate threat collaboration. The platform can also instantly analyse new threats using BrightPoint's machine-learning engine, which trawls threat-related documents, reports and informal conversations to produce STIX reports for follow-up throughout the security community.

A partnership between Verizon Enterprise Solutions and data-analytics upstart Splunk, meanwhile, will see Verizon's security services bolstered with real-time analytics to make better sense of the more than 1 million security events that Verizon's Managed Security Services arm handles every day.

The Splunk capabilities will be integrated with Verizon's Advanced Security Operations Center (ASOC), providing what the company called “efficiencies, end-to-end security context and superior intelligence” compared with conventional security information and event management (SIEM) systems. The partnership will be particularly useful in keeping up with the increased data and security burden posed by the emerging Internet of Things (IoT), which often exists externally to conventional network-attached resources and must be managed and analysed accordingly. Last September, Verizon released a Splunk app to improve access to the company's rich threat-intelligence information.

The introduction of more readily accessible threat-intelligence capabilities is intended to empower businesses to take better control of their security-monitoring environment, tapping into threat-intelligence capabilities that have become significantly more robust in recent years. It's an extension of an ongoing campaign to empower users with data and context to understand the attacks with which they are likely to be targeted.

“If you're talking to executives or other line-of-business managers outside of security, [better threat intelligence] means they can really understand some of the risk that they may face,” Aaron Sharp, security solutions consultant with Verizon Enterprise Solutions, told CSO Australia upon the recent launch of the company's Data Breach Digest (DBD) report.

“It usually comes back to the data set,” Sharp said. “People don't have endless security budgets, and we really want to help them understand where are their real threats and real risks – and where they get the best bang for buck in terms of putting preventative, detective and response type controls in place to protect their business and their customers.”

Growing use of threat-intelligence platforms reflects a growing imperative for CSOs to engage with threat-intelligence communities to both share information about their experiences, and to learn from the experiences of their peers.

Also playing to the collaborative threat-detection theme, Arbor Networks targeted the threat-intelligence sector with the launch of Spectrum, a platform that the company says “uncovers the internet conversations and lateral movement of attackers on customer networks to reduce business risk from advanced cyber-threats.”

That system taps into Arbor Networks' Active Threat Level Analysis System (ATLAS), a global exchange for threat information that tracks security trends including ever-escalating DDoS attacks.

Security-analytics firm Nuix was also getting in on the action, with a pair of Nuix Insight-branded intelligence platforms providing threat intelligence-based continuous protection and breach-analysis forensic capabilities designed to help organisations both stop attacks before they happen, and to trace through log data searching for telltale signs of attack if something unexpected goes wrong.

And Blue Coat recently joined forces with enterprise-storage giant NetApp to offer a focused storage solution that “significantly expands the capture window from weeks to months”, the company said in a statement. That offering is squarely targeted at users of the Blue Coat Security Analytics threat-intelligence platform, which, like all such solutions, works better when fed larger security-log data sets that would be unwieldy on many existing storage infrastructures.
