Cyberthreat intelligence is vital to an effective defense

But are organizations effectively using threat data while developing their security strategies?

by Ramon Vicen, CTO, Blueliv

Today’s threat landscape is becoming increasingly volatile as actors use ever-more sophisticated techniques to attack enterprises and governments around the world. The reality is that any organization that holds valuable data – from confidential company credentials to PII to industrial IP – is at risk of being attacked.

Though there is still significant work to be done in education, thankfully many organizations are waking up to the idea they should be looking beyond their perimeter to detect and prevent attacks before they happen: protecting themselves from the outside in using targeted, actionable threat intelligence.

We are also seeing growth in professional collaboration across the industry. Communities like our Threat Exchange Network are attracting a more diverse and global membership than ever before, demonstrating increasing cooperation among cybersecurity professionals, academics, LEAs and analysts – cyberattacks are a challenge we face together.

 

A new wave of cyberdefense

There is no single measure or technology that can achieve total defense, so organizations need to put in place different complementary solutions to minimize both risk and impact.

Accurate and, crucially, actionable threat intelligence should be a fundamental component of any security strategy. Indeed, accurate threat intelligence is critical so that organizations do not drown in data or chase intelligence that provides no context or actionability.

Proactive threat monitoring improves resilience in several ways, but the key is using fresh, actionable intelligence to eliminate blind spots in your threat landscape. Monitoring should also go far beyond the standard or even deep web and include the dark web too, though only a handful of companies currently do this. The more robust your attack surface and the more secure your perimeter, the less appealing you become to cyberattackers.

Targeted intelligence helps detect your weak points before they can be exploited, allowing you to bolster your security posture where necessary. It also accelerates your orchestration capabilities, and as a result enhances incident response teams’ management of a critical situation.

 

A long road ahead?

In terms of maturity, threat intelligence is still quite a nascent subsector, so there is first and foremost some education that needs to be done across the industry. Put simply, many organizations don’t yet grasp the value that this new wave can bring them, and are blinkered by assumptions.

For example, there is an assumption that a threat intel service demands yet another messy integration into an already-complex cybersecurity setup. This isn’t the case – cloud-based solutions offer frictionless usability, and have multiple options for feeding other security appliances.

There is another assumption that threat intelligence leads to information overload, decreasing overall efficiency. However, advances in automation and machine learning mean that we can provide targeted and relevant information with minimal false positives, enabling organizations to save time and resources by improving their incident response and boosting productivity.

Finally, many organizations fail to realize that threat intelligence needn’t just be another data feed to plug in to their SIEM. The biggest value add from threat intelligence providers is their ability to contextualize external threat data with internal incident information, helping organizations keep pace with a dynamic threat landscape.

 

There is no one-size-fits-all approach

Every organization has different security needs, so choosing a provider that offers a bespoke solution to address these specifically is a good place to start. From enterprises with their own SOC, to small- to mid-sized organizations who can’t afford to devote as much resource to security, there are flexible and highly customizable solutions that fit specific business requirements.

Threat intelligence providers have the ability to become a trusted extension of internal security teams. Organizations should start by evaluating their own orchestration and response capabilities, and in particular how efficiently they process threat data. Security teams often require ‘big picture’ visibility of their threat landscape, frequently updated and in real time, to maximize incident response performance. Therefore, the strategic investment would be in machine learning software, complemented by human intelligence, that can be easily integrated with SIEM, SOC or external data feeds (depending on company size).