CSO Threat Intelligence Survival Guide

Enterprises are trying to learn as much as they can about the threats their organizations face and how well (or not) they may be defended against them. This is one of the reasons why the threat intelligence security services spending market is set, according to market research firm IDC, to reach $1.4 billion in 2018, up from $905 million in 2014.

As colleague Tony Bradley wrote in his post Cyber threat intelligence is crucial for effective defense, not all threats are created equally, and not all threats would have the same impact on an organization if they were successful. “It’s important for companies to be aware of all potential threats, but threat intelligence goes a step further and allows those companies to dedicate security resources to strengthen defenses where necessary to strengthen the security posture against the attacks that are most likely to actually occur,” Bradley wrote.

Good threat intelligence is comprehensible and actionable. It means having good situational awareness of your enterprise controls, as well as comprehending the past actions, abilities, and motives of likely attackers. This kind of awareness will help you know what data to protect and how, and it can also help your organization best guide its security investments. This will help security analysts’ response teams more effectively prioritize security alerts and security event notifications.

As Grayson Milbourne, security intelligence director at Webroot, said in the story Threat Intelligence Needs to Grow Up, the threats that are most important for enterprises to be aware of are those that matter to their own environments. “We need to be looking at how often these threats are encountered in the world. Eighty percent of threats aren’t even prevalent anymore,” Milbourne said.

Good threat intelligence is also based on evidence about potential threats to the data, interests, and ability to conduct business. In reading this data, noise and superfluous information are plentiful and it’s hard to focus on what matters. There is so much data about threats, vulnerabilities, and security event alerts pouring in that it’s easy to just stop paying attention. As colleague Steve Ragan wrote in his post Information Overload: Finding Signals in the Noise, “Signal-to-noise ratios are hard to manage. As a security professional, you want the threat data, you want the attack notifications and alerts, and you need intelligence. But, when there's too much coming in, those alerts and notifications fall to the wayside. They're easily dismissed and ignored.”

That’s why it’s important that threat intelligence gets done right. Getting it wrong sets enterprises up to fail in their security efforts by leading them to make bad decisions. This is especially true as enterprise technology is moving so swiftly with cloud, mobile, and IoT. Threat intelligence is how enterprise security teams can understand how to better invest in security defenses, build the necessary processes, and mitigate the risks of attack.

With all of that in mind, we’ve assembled the following collection of stories to help you succeed in understanding the threats that face your enterprise and how to begin to reduce them:

5 steps to incorporate threat intelligence into your security awareness program

Incorporating threat intelligence can significantly improve the effectiveness of your security awareness program, if you do it correctly.

Cyber threat intelligence is crucial for effective defense

A new Ponemon report commissioned by Webroot underscores the importance of threat intelligence in developing a strong security posture.

Threat Intelligence: Emerging as a Key Element in Defense

Threat intelligence technology is a critical component to a successful Web security strategy. A recent IDG Research Services survey found that the number of IT execs who plan to deploy threat intelligence technologies is increasing.

Decoding threat intelligence

There is much confusion about threat intelligence. Many of the organizations that need it don't have the elements in place to process the information and make it actionable.

Threat intelligence needs to grow up

Security teams are overwhelmed with a massive amount of threat data. While a decade ago no one was talking about threat intelligence except government agencies, organizations are now bombarded with threat data leaving them challenged with identifying what is relevant.

SLIDESHOW: 8 new threat intelligence products to make you bulletproof

Threat intelligence systems that deliver accurate and actionable information about cyberthreats can help IT end an attack before real damage is done.

CISA won’t do much to turn threat intelligence into action

With the Cybersecurity Information Sharing Act (CISA) the feds are trying to make it more attractive to share threat intelligence, but it won’t do much to help businesses deal with the high cost of sorting through what can be an overwhelming flow of possible security incidents.

How to use threat intel to boost mobile security

Integrating threat intelligence feeds with mobile device management platforms can shore up BYOD security.

Threat Intelligence firm mistakes research for nation-state attack

A Bloomberg story, backed by data collected by threat intelligence firm, ThreatStream, mistakenly identified scans by a security researcher as a nation-state attack. According to the data, Chattanooga, Tenn., is second only to Beijing in terms of scaled attacks.

Information vs. Intelligence: Anonymous targets the banking industry

We’ve covered a good deal of what is and what isn’t threat intelligence this week from the show floor at the RSA Conference. So for today’s second post, we'll focus on a threat advisory from Solutionary, which warns of a planned operation against the finance sector by Anonymous called OpIcarus.

Information overload: Finding signals in the noise

Signal-to-noise ratios are hard to manage. As a security professional, you want the threat data, you want the attack notifications and alerts, and you need intelligence. But, when there's too much coming in, those alerts and notifications fall to the wayside.

Malware Intelligence: Making it actionable

Kevin Liston at the SANS Internet Storm Center explores more useful ways to deal with malware intelligence.

REVIEW: Threat Intelligence could turn the tide against cybercriminals

We review security products from ThreatConnect, ThreatStream, Soltra, Arbor Networks and iSIGHT Partners.


This article was originally published on Mar 18, 2016, csoonline.com
