Decoding threat intelligence

Jason Clark | June 25, 2014
There is a scene in HBO's adaptation of Game of Thrones where a character counsels the king to dismiss the rising power of one of his rivals because "curiosities on the far side of the world" are no threat. A season later, that rival has three dragons and an army under her control.

Tying internal and external threat intelligence together eliminates the noise when it comes time to analyze information and determine risk levels and your strategy for dealing with them. At its best, threat intelligence allows organizations to get an understanding of their own security posture and build a profile of attackers and their activity.

That last part, threat activity, involves having a clear view of the various stages of an attack, known as the kill chain. An example of a kill chain would be reconnaissance, followed by the delivery of an exploit, pivoting around a network and extracting information.

Disrupting any one of these phases can be the difference between a breach and a typical workday. In the event of an attack, the ability to correlate attack data about the kill chain with information from intelligence feeds can help enhance understanding of the business impacts of the breach and provide a framework for improving defenses.
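To make the correlation described above concrete, here is an added example (not from the article or any vendor product) that tags internal events with the kill-chain stages the column lists, joins them against a small intelligence feed, and reports how far each campaign has progressed and which stage defenders can still block. The feed entries, campaign names, hosts and IP addresses are all constructed sample values.

```python
"""Correlate kill-chain events with a threat-intel feed (constructed data)."""
from collections import defaultdict

# Ordered kill-chain stages, following the article's example.
KILL_CHAIN = ["reconnaissance", "delivery", "pivoting", "exfiltration"]

# Constructed intel feed: external indicator -> campaign context (hypothetical).
INTEL_FEED = {
    "203.0.113.7": {"campaign": "CAMPAIGN-A", "sector": "aerospace"},
    "exploit-kit.example": {"campaign": "CAMPAIGN-A", "sector": "aerospace"},
    "198.51.100.23": {"campaign": "CAMPAIGN-B", "sector": "finance"},
}

# Constructed internal events: (stage, indicator observed, affected asset).
EVENTS = [
    ("reconnaissance", "203.0.113.7", "web01"),
    ("delivery", "exploit-kit.example", "wks-042"),
    ("pivoting", "10.0.0.5", "wks-042"),  # internal address, no feed match
    ("reconnaissance", "198.51.100.23", "web01"),
    ("delivery", "203.0.113.7", "wks-017"),
]


def correlate(events, feed, chain=KILL_CHAIN):
    """Group events by campaign via the feed; report progress along the chain."""
    by_campaign = defaultdict(lambda: {"stages": set(), "assets": set(), "sector": None})
    pending = []
    for stage, indicator, asset in events:
        ctx = feed.get(indicator)
        if ctx is None:
            pending.append((stage, indicator, asset))
            continue
        rec = by_campaign[ctx["campaign"]]
        rec["stages"].add(stage)
        rec["assets"].add(asset)
        rec["sector"] = ctx["sector"]
    # Second pass: an internal-only event (e.g. lateral movement) on an asset
    # already tied to exactly one campaign is attributed to that campaign.
    unmatched = []
    for stage, indicator, asset in pending:
        owners = [c for c, r in by_campaign.items() if asset in r["assets"]]
        if len(owners) == 1:
            by_campaign[owners[0]]["stages"].add(stage)
        else:
            unmatched.append((stage, indicator, asset))
    report = {}
    for campaign, rec in by_campaign.items():
        seen = [s for s in chain if s in rec["stages"]]
        deepest = chain.index(seen[-1])
        # The next unseen stage is where the chain can still be disrupted.
        nxt = chain[deepest + 1] if deepest + 1 < len(chain) else None
        report[campaign] = {"sector": rec["sector"], "stages_seen": seen,
                            "next_stage_to_block": nxt, "assets": sorted(rec["assets"])}
    return report, unmatched
```

Running `correlate(EVENTS, INTEL_FEED)` shows CAMPAIGN-A already at the pivoting stage on three hosts with exfiltration still open to block, while CAMPAIGN-B has only been seen in reconnaissance.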

As one can imagine, getting the data and operationalizing it are two different animals. Just recently for example, cyber attackers were observed targeting a series of Internet Explorer and Adobe Flash Player vulnerabilities in attacks on the aerospace industry. With that type of intelligence, companies can assess how best to handle the situation and, if they are lucky, thwart the threat before it hits their network.

Are there computers in your environment running IE? Are there exploits being delivered via malicious sites that can be filtered? Is there any mitigation that can be put in place while Microsoft works on a permanent solution? What kind of data are the hackers after? Is it critical? Where is that data on my network?

Answering these types of questions moves your business along a security journey that begins in the hell of ad hoc approaches and ends at the nirvana of a business-aligned security program. It is not a simple path, and many CISOs get stuck along the way by developing security approaches based on meeting regulatory compliance demands without the benefit of threat intelligence coming into play. But it is only with those data feeds that organizations can move on to developing a security approach based on actual risk that can then be put into a business context.

As the saying goes, information is power. The more you know about the threat landscape and what is happening on your network, the better able you will be to reduce risk by proactively limiting the attack surface for hackers.
