Threat Intelligence simply put
23 May 2022
The internet has pushed humanity into the 21st century. At the root of almost every industry, digital technology is connected to the internet. As discussed in a previous article, cybercriminals are becoming more sophisticated, unpredictable and, most importantly, anonymous. The probability of you being a victim of cybercrime is high. Around 83% of information security professionals, the cybercrime experts, were victims of phishing attacks according to the Verizon Data Breach Investigations Report.
Bearing this in mind, we need to take another look at cybersecurity and ask: who is attacking, and why? What are the repercussions of the attack, and how can security be improved?
"Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and action-oriented advice about an existing or emerging menace or hazard to assets. This intelligence can be used to inform decisions regarding the subject's response to that menace or hazard." — Gartner
Threat intelligence transforms questions into answers. It gives you context on how to act or how not to act. Threat intelligence is, quite literally, intelligence.
The intelligence should answer three questions: What is the threat? What is the impact on the organisation? What action should be taken?
The first question, what the threat is, breaks down into the following questions about the attackers:
· Who are the hackers?
· What are their capabilities, and how do they operate?
· Where do the attackers target, in terms of geographic locations and specific industries?
· When do they attack? This can identify their patterns and help understand them better.
· Why do they attack? What are their intentions and motives?
· How do they operate? This also focuses on their patterns.
After the threat is determined, its impact is analysed. The main question this answers is what effect the threat will have on the organisation.
This provides context for the organisation. Using the provided context, threats can be prioritised, and it can be highlighted precisely how this will affect different organisations.
What actions can be taken to minimise the threat in both the short and long term?
Using the context provided from the impact, various decisions can be taken to minimise threats.
· Fraud prevention
· Lowering costs
· Vulnerability management
· Security operations
· Incident response
· Avoid loss of data
· Lowering risks
· Threat Intelligence Sharing
· Maximising staffing
Instead of being reactive and reacting to attacks after they have happened, threat intelligence is the knowledge that allows you to minimise and prevent attacks.
The market is growing rapidly and is becoming too complicated and overcrowded for users to sort quickly through the noise and find the right products and required services.
I would like to introduce you to Jenny. Jenny is a Security Web Intelligence platform that brings company users and cybersecurity vendors together. Jenny is the portal that provides you with on-demand access to 360-degree trusted research and reviews on cyber technology vendors and service providers.
With her help, users can clearly access thousands of vendors and view their products and services. She has been built to operate at a global level and continuously discovers security vendors every day.
A tool like this is vital for finding vendors and, more specifically, threat intelligence vendors. Using Jenny, approved vendors can be found, compared and contacted.
In a market where cybercrime is ever-evolving, we must evolve with it, and this is the way forward.
For example, when searching for a threat intelligence vendor, one of the vendors that came up was Kaspersky: https://deciphercyber.com/company/kaspersky
This was the summary of Kaspersky:
“Kaspersky is a global cybersecurity company founded in 1997. We are the world’s largest privately-owned cybersecurity companies. We operate in 200 countries and territories and have 35 offices in 31 countries. Over 3,800 highly-qualified specialists work for Kaspersky. Our independence allows us to be more agile; to think differently and act faster. We are forever innovating and delivering protection that’s effective, usable and accessible. Our mission is to build a safer world. We believe in a tomorrow where technology improves all of our lives. Kaspersky’s deep threat intelligence and security expertise are constantly transforming into security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. Kaspersky’s globally renowned team of experts has investigated some of the most complex and sophisticated cyberattacks ever known, including Stuxnet, Flame, and Red October. The company also cooperates extensively with INTERPOL, Europol, and national police bodies to actively assist them in their fight against cybercrime. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialised security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help over 270,000 corporate clients protect what matters most to them.”
Under Threat Intelligence, this was the summary:
“Counteracting modern cyberthreats requires a 360-degree view of the tactics and tools used by threat actors. Generating this intelligence and identifying the most effective countermeasures requires constant dedication and high levels of expertise. With petabytes of rich threat data to mine, advanced machine-learning technologies and a unique pool of world experts, we at Kaspersky work to support you with the latest threat intelligence from all around the world, helping you maintain immunity to even previously unseen cyber-attacks. Kaspersky’s knowledge, experience and deep intelligence on every aspect of cybersecurity has made it the trusted partner of the world’s premier law enforcement and government agencies, including INTERPOL and leading CERTs. You can leverage this intelligence today.”