Do You Have a Crystal Ball?
How do you prepare for the next cyber attack? Do you know what’s coming and are you prepared, or do you have to scramble when an attack hits? Even with the best technology and security platforms deployed in your enterprise, you can be caught flat-footed if you are not prepared.
Threat intelligence plays an important role in helping protect an organization. Along with helping you see what’s happening within your network, it can also aggregate threat information and put that intel into a format that is actionable for your security team.
Security teams must abandon the myopic attitude of focusing only on what’s happening within their network, remove their blinders, and see what is happening beyond their network perimeter. Otherwise, by the time an alarm goes off, it could be too late and your network may have already been compromised.
Using publicly available threat intelligence feeds and paid subscription feeds, along with security industry news, your security team can stay abreast of the current Internet threat landscape and begin taking proactive defensive measures, so that your network is protected against a threat before it hits your perimeter.
Another component of threat intelligence is not only ingesting data feeds but also sharing unique data that your security team may be observing. The motivation to share intelligence is clear: increase the scope and speed of sharing to help all types of organizations act more quickly to defend themselves against emerging threats.
The U.S. Department of Homeland Security has deployed its Automated Indicator Sharing (AIS) system, which allows the exchange of cyber threat intelligence among private and public organizations. In theory, the idea of sharing data makes a lot of sense, but organizations are sometimes hesitant, especially when the attack data could be connected back to a company or organization.
As threats grow in volume and evolve, organizations need to start focusing on the “how” instead of the “what”. How do we share data in a way that not only improves an organization’s ability to protect its infrastructure while minimizing exposure of sensitive data that could impact the business and its customers, but also provides value to other organizations and helps form a community to fight the ever-increasing volume of cyberthreats?