BreachExchange mailing list archives

Five common misconceptions around threat intelligence


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 12 Oct 2015 17:50:24 -0600

http://www.itproportal.com/2015/10/11/five-common-misconceptions-around-threat-intelligence/

‘Threat intelligence’ is a phrase that’s being bounced around in the
security industry quite a lot at the moment. It is clear from the high
profile breaches in recent months that cyber security within enterprises is
not where it needs to be, but is threat intelligence the key?

It has turned into quite a controversial debate, with many touting that it
will do very little to improve cybersecurity. On the other hand, there are
clear advantages.

These differences in opinions have resulted in some misconceptions
emerging, so what exactly is ‘threat intelligence’ and how can it be used
to improve the state of cybersecurity in the UK?

Misconception: Intelligence feeds will do very little to substantially
improve cybersecurity.

Truth: Collective threat intelligence ensures that when a breach or
particular attack is detected in one organisation, this information can be
shared among others. Cyberattacks are proliferating at such a rapid rate
that only real-time intelligence that is shared will result in
better cybersecurity – you can no longer wait for an update to be pushed
out 24 hours later; it needs to be almost immediate. By leveraging
everyone’s encounters with malicious activity, you improve security for the
group.

Misconception: Most organisations do not have the human resource required
to make use of these tools.

Truth: As security has advanced it has become more complicated, increasing
the number of data points for security teams to search through. This drains
resources and detracts from the real threats because resources are too
focused on small events that pose less of a risk to the business. Threat
intelligence is about sharing the right information so the biggest threats
can be identified easily and mitigated as quickly as possible.

Misconception: Organisations just need to know they are protected, they do
not need to know the details of an attack.

Truth: Although protection is the number one priority, organisations should
have the ability to look at the granular details of an attack because this
will improve the response time in future. Unfortunately, breaches will
happen, so it is about reducing the time taken to respond by understanding
previous events and where the organisation is vulnerable. This means time
can be better spent mitigating the problem and alerting those affected.

Misconception: Threat intelligence vendors guard their research to the
detriment of the wider community.

Truth: Although companies share data with one another, they are also
competitors of one another and often cherry pick which data is shared,
keeping the data they know is most valuable private. However, sharing some
information is better than none at all and organisations such as CiSP, which
is part of CERT-UK, play an important role in anonymising and mediating the
data. Vendors have also realised the benefits of anonymously sharing threat
intelligence between clients, so if an attack happens in one
organisation, other users are protected.

Misconception: At its best, threat intelligence might provide occasional
protection from attacks. At its worst it’s an expensive source of
information that has little impact on security.

Truth: The issue is that we cannot afford to stand still when it comes to
cybersecurity. Attackers are constantly innovating and sharing threat
techniques and we need to be doing the same. Operational threat
intelligence – data that can be consumed by security solutions as opposed
to consultancy – is advancing, making it far easier to use and accessible
to organisations of all sizes.

Like the term ‘big data’, threat intelligence is at risk of becoming just
another buzzword, a collective term for security tools – some of which do
little to improve security. But delving into what threat intelligence is,
the benefits are clear and it will be a vital tool in the enterprises’
defences. It allows organisations to be far more flexible and adapt to the
threat landscape as it changes. This enables security teams to be far more
proactive and focus on what is important.

In a time where data breaches seem to be hitting the headlines almost
weekly, with big names such as Mumsnet and Ashley Madison suffering, being
flexible and able to respond to a breach quickly is crucial.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss