In an increasingly complex threat landscape, littered with determined adversaries and sophisticated threats, organisations can’t defend themselves if they don’t know what threats they are facing.
“If the last few years have shown us anything, they’ve shown that even the largest organisations, with enormous IT security budgets, can fall victim. In all cases, these businesses had the best tools money can buy, as well as highly trained staff,” says Tumelo Mashego, Business Unit Manager for Forcepoint at Axiz, SA’s leading value-added ICT distributor.
“And all these companies, including Google, Marriott Group, RSA and Target, were hit, and hit hard, losing millions of customers’ personal records. One thing is clear, and that is that businesses cannot rely on traditional cyber security tools alone to protect their sensitive and proprietary data.”
This, she says, is where companies need to get proactive and start using cyber threat intelligence. “Threat intelligence, or cyber threat intelligence, is information a company can use to better understand the threats they face, and which threats might be targeting the business. This information can be used to prepare, prevent, and identify cyber threats before they happen and damage not only the business’s bottom line, but its reputation too.”
According to Mashego, the sheer number of threats out there, a number that is growing on a daily basis, is scary stuff. “Any of these, if successful, can bring the business to its knees. Using the power of threat intelligence can enable companies to gain valuable insight into these threats, and help them to harden their security posture by building stronger, more effective defence mechanisms to mitigate any risks and protect the company’s information.”
She says this is particularly true in a world polluted by advanced persistent threats (APTs). APTs are far more sophisticated, systematic cyber-attacks that are prolonged, usually for weeks or even months, and are carried out by highly skilled bad actors. Their aim is to exfiltrate data, to commit sabotage or cyber espionage, or to steal intellectual property and financial information.
“These threats are carefully crafted to slip through any security nets your business might have in place, often using multiple vectors and entry points to gain a foothold on the corporate network. They have been known to evade detection for months, and sometimes even years.”
Mashego says these highly targeted threats need highly targeted defence, and cyber threat intelligence provides the capability to defend the organisation more proactively. “Threat intelligence solutions gather as much raw data as possible on emerging or even well-known bad actors and their tools from a variety of sources. This data is then analysed, using a variety of methods including machine learning and artificial intelligence, and is then filtered to produce threat intelligence feeds and reports that contain data that can be harnessed by automated security control solutions.”
“The main aim of threat intelligence is to keep companies updated and educated about the risks of advanced persistent threats, zero-day threats and exploits, and how to defend against them,” she adds.
When done properly, threat intelligence can help the business stay abreast of the skyrocketing number of threats, as well as the various methods and tools used by bad actors. “It will also keep companies educated on the vulnerabilities, targets and different cyber criminal groups out there.”
This is particularly useful in an evolving landscape, as no business on its own can hope to manage every vulnerability and be aware of every risk. “Threat intelligence tools can take the pressure off CISOs and security teams by identifying common indicators of compromise (IOC) and recommending the steps that are necessary to prevent a breach or infection. There are several common indicators of compromise including IP addresses, URLs and domain names, such as a piece of malware targeting an internal host that is communicating with a known criminal actor or group. Threat intelligence can identify these, and alert the business.”
However, Mashego cautions that not all threat intelligence solutions are created equal. “Every vendor seems to be offering a solution to meet the demand for threat intelligence, and as a result, the market is saturated with various threat intelligence tools. However, for this type of solution to be truly effective, it has to be doing its job around the clock, scrutinising the endless expanse of online content for any potential security risks and threats.”
This is why we recommend a solution such as UEBA from Forcepoint, a leader in intelligent cyber security. “UEBA enables transparent and comprehensive investigation, combined with advanced analytics including machine learning and artificial intelligence that are tuned to pick up specific behaviour risks and anomalies.”