Actionable global threat intelligence – the key to a proactive cybersecurity strategy
The digital age continues to diversify and expand the way we do business. Add to this the fact that the perimeter has shifted to the end user, and maintaining an acceptable cybersecurity strategy isn’t easy.
At the same time, those involved in cybercrime are becoming more business-oriented, and their software and services are in great demand. They innovate faster than traditional businesses, and it’s become commonplace for less skilled attackers to hire the black-market software and services of these expert cybercriminals to target traditional, legitimate businesses.
The reality is that a persistent, highly determined attacker will always find a way in, particularly in today’s business climate, as organisations embrace digital transformation. For this reason, the focus is not only about keeping attackers out but also how we manage the threat once our defences have been breached.
I believe that this requires a change in how we think about security and a shift of prioritisation towards effective threat detection and response. Threat intelligence needs to be developed as a key capability – all the way from pre-event adversary scanning to post-event breach analysis. When properly applied, threat intelligence can transform security from a reactive model towards one that’s proactive, and even predictive.
This really can be the difference between investigating a failed intrusion attempt and an actual security breach, or between a lone-wolf attack and an advanced persistent threat.
There can often be unexpected challenges if you attempt to do this alone, however. We’re currently facing a worldwide cybersecurity skills shortage and many organisations are finding it difficult to attract and retain key talent. From a people perspective, it’s ideal to have:
• a security ‘red team’ trained and ready to identify vulnerabilities within your environment
• a ‘blue team’ to perform the necessary cyber defence and response activities
• an intelligence team to fuse external intelligence within your internal applications
• a hunting team to look for threats that may have bypassed traditional security controls
All of these teams require expertise and manpower that you may not have readily available, or can realistically afford.
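To make the intelligence team’s job of fusing external intelligence with internal data concrete, here is an added example (written for this page, not Dimension Data’s tooling): a small indicator-matching pass that takes a threat-intelligence feed and runs it over proxy log lines. The feed, the key=value log format and the field names are constructed for the example; a real deployment would pull indicators from a provider and logs from a SIEM. It also handles two caveats a practitioner hits immediately: domain indicators must match on label boundaries (`cdn.update-check.example` should hit `update-check.example`, but `notupdate-check.example` must not), and low-confidence indicators should be gated by a threshold rather than raising alerts on every sighting.

```python
"""Match external threat-intelligence indicators against internal log lines.

Added example: feed, log lines and field names are constructed, not a
real provider's data or a real organisation's logs.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed indicator feed (hypothetical sources "feed-a" and "feed-b").
INDICATORS = [
    {"type": "domain", "value": "update-check.example", "source": "feed-a", "confidence": 90},
    {"type": "ipv4", "value": "203.0.113.45", "source": "feed-a", "confidence": 70},
    {"type": "cidr", "value": "198.51.100.0/24", "source": "feed-b", "confidence": 40},
    {"type": "sha256", "value": "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
     "source": "feed-b", "confidence": 95},
]

# Constructed proxy log lines in a simple key=value format ("-" means no value).
LOG_LINES = [
    "ts=2024-03-01T08:00:01Z src=10.0.0.5 dst=203.0.113.45 host=cdn.example sha256=-",
    "ts=2024-03-01T08:00:02Z src=10.0.0.7 dst=93.184.216.34 host=www.example.org sha256=-",
    "ts=2024-03-01T08:00:03Z src=10.0.0.9 dst=198.51.100.77 host=cdn.update-check.example sha256=-",
    "ts=2024-03-01T08:00:04Z src=10.0.0.5 dst=203.0.113.45 host=cdn.example "
    "sha256=9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
    "ts=2024-03-01T08:00:05Z src=10.0.0.11 dst=10.0.0.12 host=notupdate-check.example sha256=-",
]

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Turn 'k=v k=v ...' into a dict; unknown keys are simply carried along."""
    return dict(KV_RE.findall(line))


@dataclass(frozen=True)
class Match:
    ts: str
    src: str
    field: str        # which log field matched (host / dst / sha256)
    observed: str     # the value seen in the log
    indicator: str    # the indicator value from the feed
    source: str
    confidence: int


class IndicatorSet:
    """Index the feed by type so each log field needs only a cheap lookup."""

    def __init__(self, indicators):
        self.domains, self.ips, self.hashes, self.nets = {}, {}, {}, []
        for ind in indicators:
            v = ind["value"].lower()
            if ind["type"] == "domain":
                self.domains[v.rstrip(".")] = ind
            elif ind["type"] == "ipv4":
                self.ips[v] = ind
            elif ind["type"] == "cidr":
                self.nets.append((ipaddress.ip_network(v, strict=False), ind))
            elif ind["type"] == "sha256":
                self.hashes[v] = ind

    def match_domain(self, host):
        # Walk label boundaries: "cdn.update-check.example" hits
        # "update-check.example", but "notupdate-check.example" does not.
        labels = host.lower().rstrip(".").split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in self.domains:
                return self.domains[candidate]
        return None

    def match_ip(self, ip):
        if ip in self.ips:
            return self.ips[ip]
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            return None
        for net, ind in self.nets:
            if addr in net:
                return ind
        return None

    def match_hash(self, digest):
        return self.hashes.get(digest.lower())


def scan(lines, indicators, min_confidence=50):
    """Return one Match per (log line, field) that hits an indicator at or
    above min_confidence. Low-confidence indicators are kept for context
    but do not raise alerts on their own."""
    iset = IndicatorSet(indicators)
    matches = []
    for line in lines:
        rec = parse_line(line)
        checks = (
            ("host", rec.get("host", ""), iset.match_domain),
            ("dst", rec.get("dst", ""), iset.match_ip),
            ("sha256", rec.get("sha256", ""), iset.match_hash),
        )
        for field, value, fn in checks:
            if not value or value == "-":
                continue
            ind = fn(value)
            if ind and ind["confidence"] >= min_confidence:
                matches.append(Match(rec.get("ts", ""), rec.get("src", ""), field, value,
                                     ind["value"], ind["source"], ind["confidence"]))
    return matches


if __name__ == "__main__":
    for m in scan(LOG_LINES, INDICATORS):
        print(f"{m.ts} {m.src} {m.field}={m.observed} -> {m.indicator} ({m.source}, {m.confidence})")
```

With the default threshold the /24 indicator at confidence 40 is suppressed, so the third line alerts only on its host name; lowering `min_confidence` to 0 surfaces the extra network hit. In practice the threshold, and the decision to correlate several low-confidence hits into one alert, is exactly the kind of tuning the intelligence and hunting teams own.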
From a process perspective, it’s important to have well-defined incident response playbooks. You’ll need to establish how your organisation responds to a denial of service attack as opposed to an internal malware outbreak, and you’ll need a communications plan with clearly defined roles and responsibilities that has been tested to ensure it executes as planned. Other considerations include an escalation matrix, shift rosters, and team handover procedures. Critically, you’ll also need to consider who looks after 24/7 monitoring and out-of-hours support in your organisation. Attacks do not only occur during regular business hours.
Underpinning all this, from a reporting and metrics perspective, it’s vital to understand how effectively your security or security operations centre programme is functioning. You need to be able to trend the efficacy of your detection and response over time to demonstrate how the investments you’re making in people, process, and technology are moving those risk metrics in the right direction.
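As an added example of the kind of trendable detection-and-response metric the paragraph above calls for (example code written for this page, not a Dimension Data report), the block below takes a constructed set of incident records and produces, per month, the median time to detect (from first attacker activity established by forensics to detection), the median time to contain, the share of incidents found by internal controls rather than an external notification, and the count still open. Records where detection precedes the first activity are rejected as bad data rather than silently pulling the averages down; the record format and the "soc"/"hunt"/"external" labels are assumptions for the example.

```python
"""Per-month detection and response metrics from incident records.

Added example with constructed incident data; the field names and the
detected_by labels are assumptions, not an established schema.
"""
from collections import OrderedDict
from datetime import datetime, timezone
from statistics import median

# Constructed incident records. All timestamps are UTC; contained=None means still open.
INCIDENTS = [
    {"id": "INC-1", "first_activity": "2024-01-03T02:00:00Z", "detected": "2024-01-05T14:00:00Z",
     "contained": "2024-01-06T09:00:00Z", "detected_by": "external"},
    {"id": "INC-2", "first_activity": "2024-01-20T11:00:00Z", "detected": "2024-01-20T13:30:00Z",
     "contained": "2024-01-20T18:00:00Z", "detected_by": "soc"},
    {"id": "INC-3", "first_activity": "2024-02-02T08:00:00Z", "detected": "2024-02-02T09:00:00Z",
     "contained": "2024-02-02T12:00:00Z", "detected_by": "soc"},
    {"id": "INC-4", "first_activity": "2024-02-14T22:00:00Z", "detected": "2024-02-15T00:30:00Z",
     "contained": "2024-02-15T03:30:00Z", "detected_by": "hunt"},
    {"id": "INC-5", "first_activity": "2024-02-25T05:00:00Z", "detected": "2024-02-25T05:45:00Z",
     "contained": None, "detected_by": "soc"},
]

INTERNAL_SOURCES = {"soc", "hunt"}  # assumed labels for detections by our own controls


def parse_ts(value):
    """Parse 'YYYY-MM-DDTHH:MM:SSZ' into an aware UTC datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def hours_between(start, end):
    return (end - start).total_seconds() / 3600


def incident_metrics(incidents):
    """Group incidents by the month they were detected and compute:
    median_ttd_hours, median_ttc_hours (closed incidents only),
    internal_detection_rate, and the number of incidents still open."""
    buckets = {}
    for inc in incidents:
        first = parse_ts(inc["first_activity"])
        detected = parse_ts(inc["detected"])
        if detected < first:
            # Bad data would silently flatter the trend; fail loudly instead.
            raise ValueError(f"{inc['id']}: detected before first activity")
        month = detected.strftime("%Y-%m")
        b = buckets.setdefault(month, {"ttd": [], "ttc": [], "internal": 0, "total": 0, "open": 0})
        b["ttd"].append(hours_between(first, detected))
        b["total"] += 1
        if inc["detected_by"] in INTERNAL_SOURCES:
            b["internal"] += 1
        if inc["contained"] is None:
            b["open"] += 1
        else:
            contained = parse_ts(inc["contained"])
            if contained < detected:
                raise ValueError(f"{inc['id']}: contained before detected")
            b["ttc"].append(hours_between(detected, contained))

    result = OrderedDict()
    for month in sorted(buckets):
        b = buckets[month]
        result[month] = {
            "incidents": b["total"],
            "median_ttd_hours": median(b["ttd"]),
            "median_ttc_hours": median(b["ttc"]) if b["ttc"] else None,
            "internal_detection_rate": b["internal"] / b["total"],
            "open": b["open"],
        }
    return result


if __name__ == "__main__":
    for month, m in incident_metrics(INCIDENTS).items():
        print(month, m)
```

Trending these month over month is what shows whether investment is working: in the constructed data the median time to detect drops from 31.25 hours in January to 1 hour in February and the internal detection rate rises from 0.5 to 1.0, the kind of movement you would want to tie back to a specific control or hiring decision.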
I believe that an intelligence-led security model provides deeper and broader visibility into attacks, enabling organisations to more effectively detect, respond, and anticipate security breaches.
It’s this visibility that gives you a window of opportunity to counter adversarial actions. To safeguard your security posture within a growing threat landscape you need access to relevant, up-to-date threat intelligence data and well-defined metrics that link back to business objectives, the necessary in-house expertise, and the right processes in place.
Dimension Data sees threat intelligence as a key component of our ability to deliver services that will help our clients risk less, while achieving more. On any given day, we’re tracking over five million active threat sources – it’s this extensive real-time data that enables us to truly understand the threat landscape, and stay ahead of cybercriminals. Simply knowing about impending attacks allows our security teams to help our clients prepare their threat defences in anticipation of malicious activity.