Enterprises are trying to learn as much as they can about the threats their organizations face and how well (or not) they may be defended against them. This is one of the reasons why the threat intelligence security services spending market is set, according to market research firm IDC, to reach $1.4 billion in 2018, up from $905 million in 2014.
As colleague Tony Bradley wrote in his post Cyber threat intelligence is crucial for effective defense, not all threats are created equally, and not all threats would have the same impact on an organization if they were successful. “It’s important for companies to be aware of all potential threats, but threat intelligence goes a step further and allows those companies to dedicate security resources to strengthen defenses where necessary to strengthen the security posture against the attacks that are most likely to actually occur,” Bradley wrote.
Good threat intelligence is comprehensible and actionable. It means having good situational awareness of your enterprise controls, as well as comprehending the past actions, abilities, and motives of likely attackers. This kind of awareness will help you know what data to protect and how, and it can also help your organization best guide its security investments. It will also help security analysts’ response teams more effectively prioritize security alerts and security event notifications.
As Grayson Milbourne, security intelligence director at Webroot, said in the story Threat Intelligence Needs to Grow Up, what is most important for enterprises to be aware of when it comes to threats are those that matter to their own environments. “We need to be looking at how often these threats are encountered in the world. Eighty percent of threats aren’t even prevalent anymore,” Milbourne said.
Good threat intelligence is also based on evidence about potential threats to the data, interests, and ability to conduct business. That evidence comes with plenty of noise and superfluous information, which makes it hard to focus on what matters. There is so much data about threats, vulnerabilities, and security event alerts pouring in that it’s easy to just stop paying attention. As colleague Steve Ragan wrote in his post Information Overload Finding Signals in the Noise, “Signal-to-noise ratios are hard to manage. As a security professional, you want the threat data, you want the attack notifications and alerts, and you need intelligence. But, when there's too much coming in, those alerts and notifications fall to the wayside. They're easily dismissed and ignored.”
That’s why it’s important that threat intelligence gets done right. Getting it wrong leads enterprises to make bad decisions and sets them up to fail in their security efforts. This is especially true as enterprise technology is moving so swiftly with cloud, mobile, and IoT. Threat intelligence is how enterprise security teams can understand how to better invest in security defenses, build the necessary processes, and mitigate the risks of attack.
With all of that in mind, we’ve assembled the following collection of stories to help you succeed in understanding the threats that face your enterprise and how to begin to reduce them:
Incorporating threat intelligence can significantly improve the effectiveness of your security awareness program, if you do it correctly.
A new Ponemon report commissioned by Webroot underscores the importance of threat intelligence in developing a strong security posture.
Threat intelligence technology is a critical component to a successful Web security strategy. A recent IDG Research Services survey found that the number of IT execs who plan to deploy threat intelligence technologies is increasing.
There is much confusion about threat intelligence. Many of the organizations that need it don't have the elements in place to process the information and make it actionable.
Security teams are overwhelmed with a massive amount of threat data. While a decade ago no one was talking about threat intelligence except government agencies, organizations are now bombarded with threat data, leaving them challenged with identifying what is relevant.
Threat intelligence systems that deliver accurate and actionable information about cyberthreats can help IT end an attack before real damage is done.
With the Cybersecurity Information Sharing Act (CISA), the feds are trying to make it more attractive to share threat intelligence, but it won’t do much to help businesses deal with the high cost of sorting through what can be an overwhelming flow of possible security incidents.
Integrating threat intelligence feeds with mobile device management platforms can shore up BYOD security.
A Bloomberg story, backed by data collected by threat intelligence firm ThreatStream, mistakenly identified scans by a security researcher as a nation-state attack. According to the data, Chattanooga, Tenn., is second only to Beijing in terms of scaled attacks.
We’ve covered a good deal of what is and what isn’t threat intelligence this week from the show floor at the RSA Conference. So for today’s second post, we'll focus on a threat advisory from Solutionary, which warns of a planned operation against the finance sector by Anonymous called OpIcarus.
Signal-to-noise ratios are hard to manage. As a security professional, you want the threat data, you want the attack notifications and alerts, and you need intelligence. But, when there's too much coming in, those alerts and notifications fall to the wayside.
Kevin Liston at the SANS Internet Storm Center explores more useful ways to deal with malware intelligence.
We review security products from ThreatConnect, ThreatStream, Soltra, Arbor Networks and iSIGHT Partners.
This article was originally published on Mar 18, 2016, csoonline.com