Threat Intelligence: Knowledge is Power
Formal threat analysis is emerging and is a sub-component of risk management. While evolving and still in its infancy, threat intelligence is about anticipating the attack, profiling potential bad actors, understanding their tactics and looking for signs to prevent or reduce damage. Even if you don’t prevent it, it may be possible to catch it early and keep the attack from reaching its full intent.
- Situational Intelligence – It is important to know if it is just you or your industry that is under attack. While security executives may rely on a Rolodex or White Hat Network, external feeds are becoming more common and more popular.
- Linked Attacks – As a result of threat profiling, incidents are no longer being seen as isolated events. Security executives are able to view the attack as part of a bigger picture and ask themselves, “Is this step 3 of a broader mission? Who would do this to us? What would they be after?”
- Legislation – Various legislative efforts are attempting to drive threat intelligence. There is also a national strategy for trusted identities in cyberspace, which looks at systemic problems like IDs and passwords that are weak and distributed.
- Active Defense – While security executives are relatively unfamiliar with the term “active defense,” they are interested in joining industry threat intelligence networks. One primary reason is the lack of talent on staff capable of identifying threats.
- SIEM and Real-time Analytics – There is general agreement that SIEM is not ready for real-time analytics or capable of answering the big questions, including business intelligence questions. Tuning SIEM is labor-intensive, requires the right skills and is an ongoing effort.
- Data Feeds – Security executives are looking at a variety of data feeds, including fraud systems, business transactions, EFT transfers and DLP.
- Analytics in Security – Security practitioners in the past have held the belief that analytics won't work for security. This perception is changing. Insurance companies use analytics to underwrite cyber insurance, and business intelligence is being applied more and more to security problems.