Information Security / Five ways threat intelligence can supercharge security
Five ways threat intelligence can supercharge security
19 June 2019
Karen Levy, Senior Director Product and Client Marketing at Recorded Future, considers the 5 ways organisations can use threat intelligence to supercharge their security, as well explore how web browser threat intelligence works and highlight which threats to prioritise.
Time is of the essence when it comes to dealing with threats to cyber security. Any delays in detecting and stopping an attack on a network gives hackers more time to identify weaknesses, steal information, corrupt files and systems and generally wreak havoc.
Yet with the vast volume of threats and large networks to monitor, how can organisations identify the most potentially harmful and be able to stop them in time or prevent them from entering the network in the first place?
Below are five ways that SaaS-based automated threat intelligence services can supercharge an organisation’s IT security.
Also of interest: Five key considerations for CISOs that are easily overlooked
Triaging alerts at the click of a mouse
Research by Cisco shows that 44 percent of threats received by security teams within an organisation are not investigated. The enormity of the number and variety of threats means that even the most well-resourced teams will struggle to monitor every one that comes their way. And that is in organisations where there are dedicated teams of several employees doing the monitoring.
At smaller businesses, where the security contingent might be just one person, who may also have responsibility for other aspects of an IT network, that proportion of threats going un-investigated is likely to be much higher.
Threat intelligence can help, but to do so it needs to be used directly with SIEM. Conventional threat intelligence solutions that simply supply an emailed bulletin of threats to look out for are just adding to the workload of over-stretched teams.
By layering threat intelligence over the SIEM, security teams are able to triage the most critical alerts in real-time using valuable external context.
Also of interest: Is it time for the cyber security industry to grow up?
Protecting email while ensuring it’s not snail mail
One of the biggest weaknesses in any network defence is email. Unprincipled threat actors rely on being able to get through email security solutions and persuading unsuspecting recipients to open a link by posing as genuine senders.
Once the link has been opened, malware is downloaded onto the system, providing hackers with their way in. Based on such scenarios it is no surprise to learn that latest research by Verizon shows that 94 percent of malware is delivered to corporate networks via email.
As a method of communication in which information contained within them may need to be acted on in a timely fashion, delaying the delivery of emails while they are investigated is not practical.
By combining threat intelligence with an email security system, security teams can seamlessly access rich contextualised information about IPs and domains connected to suspicious emails.
Any email delivered that is highlighted as a real potential threat can be quarantined and investigated further, without any disruption to colleagues receiving all their other emails.
Also of interest: Protecting your organisation from insider threats
Targeting vulnerabilities posing the greatest threat
In 2018 a total of 16,500 security vulnerabilities were identified. This is a significant increase on 2017 and the number is likely to rise even further this year. So, there are a vast amount of vulnerabilities a threat actor could exploit to infiltrate a system, which no security team will be able to keep on top of.
Instead, an organisation’s security team needs to know which of the many vulnerabilities on their system pose the greatest threat. Once this information is known, security teams can then do what is necessary to mitigate them.
Threat intelligence that is incorporated with vulnerability scans ensures that the specific weaknesses threat actors are targeting currently or in the near future, are flagged as a priority.
Also of interest: How to use deception to gain the advantage over cyber-attackers
Ensuring the reputation of files
Unknown files are problematic for security teams. Coming into an organisation as email attachments, it is often difficult to determine the legitimacy of these files through reputation services alone.
The reason is that cyber criminals are getting more cunning at hiding malware in files that on the surface look harmless. They can do this in several ways, such as using stolen certificates to give the appearance of being authentic or using code taken from other malware to make detecting a new attack more difficult.
Using web-based threat intelligence tools alongside file reputation services rapidly provides the context around the indicators necessary to ensure a swift response and resolution.
Also of interest: How can bug bounties secure identity services?
Threat intelligence does the leg work faster
At the end of the day how much time does your security team have to research current and future threats to your corporate network?
There are almost an infinite number of threats and nearly as many sources where these are being identified. Reading through all this information takes time – the average person can only read 50 to 70 words of technical material a minute – then any relevant intelligence needs to be acted upon.
Automated threat intelligence, powered by machine learning, can identify these threats more quickly and accurately than human input alone. This means that the humans can spend less time researching threats and more time tackling them.
Also of interest: Five uncomfortable truths about phishing defence
Using the web to catch the threats
To be truly effective, security teams need threat intelligence solutions that offer seamless, one-click access from any web browser to provide an easy to understand risk assessment in real time. This means that anyone in an organisation concerned with security can identify and deal with a threat, before it can cause any harm – creating a supercharged cyber security team.