Byline: What’s Your Network’s Threat IQ? 3 Steps Toward Actionable, Real-Time Threat Intel
Credit to Author: Derek Manky | Date: Mon, 17 Jul 2017 12:58:00 +0000
Many people will recognize the next few words as a gross understatement: The number of cyberthreats and cyberattacks targeting organizations won’t slow down anytime soon. In recent months, we’ve seen increasingly sophisticated attacks targeting specific organizations, compromised IoT devices used in DDoS attacks, and large-scale ransomware outbreaks spreading across the globe.
Many businesses struggle to keep up with the security threats they face, and they don’t know how to take the next step to better protect their systems. Updating their IT systems and keeping up with security patches are basic steps, but organizations also need actionable, real-time threat intelligence.
So what’s missing? Here are some suggestions for businesses that want better intelligence about the cyberthreats and cyberattacks targeting them:
Automate your security
Many organizations still use human workers to do security tasks that can be done better by automated, intelligent security systems. Automating security functions has many advantages. Chief among the benefits: Automated systems can respond more quickly to sustained and intense attacks.
Automation can reduce costs, complexity, and errors. Networks can adapt to security demands in the blink of an eye. Automation can help your cybersecurity team build proactive security that can respond immediately to potential threats.
Intent-based security, which can recognize threats or problems and also understand the reason behind them, will be critical to thwarting automated attacks with automated security. When an intent-based system learns from past experience, it can take the proactive actions prescribed by your company’s cybersecurity team without the need for direct human intervention.
While some organizations fear a loss of control when they move much of their security response to an automated system, good automation still gives your security employees visibility into the process. Without taking these trusted steps, we will never be able to move ahead, and we will continuously fall behind an ever-growing attack curve. A portion of that trust lies in the quality and caliber of threat intelligence employed by automated systems.
Automated systems also give your security team more time to work on other issues. As my colleague, James Cabe, says, automated systems free your IT workers from “babysitting technology” to become data scientists. This especially helps in an era where we have a shortage of cybersecurity professionals.
Share cyberthreat information
Business organizations and governments have been talking for several years about the need to share more cyberthreat information and to share it better, and I know this can be easier said than done.
Sharing cyberthreat information with other organizations certainly requires a high level of trust, but the benefits are many. Timely information sharing between organizations can help them recognize future cyberattacks and improve their defenses. By sharing information, organizations can build proactive defenses by working together against cybercriminals.
In 2016, Fortinet witnessed the benefits of information sharing firsthand as part of a joint operation that helped INTERPOL and the Nigerian Economic & Financial Crime Commission uncover the head of an international criminal network.
Many businesses can join an ISAO (Information Sharing and Analysis Organization) or ISAC (Information Sharing and Analysis Center), which are groups focused on sharing threat intelligence relevant to specific industries.
Other organizations like INTERPOL, the NATO Industry Cyber Partnership (NICP), and some regional organizations have active partnerships with vendors and industry leaders to collect and share threat data.
Finally, the Cyber Threat Alliance, of which Fortinet is a founding member, is a not-for-profit organization led by expert security organizations automating the exchange of real-time indicators. This is a good example of how security experts can use automation to exchange threat information and translate it into actionable security controls.
One of the keys to successful information sharing is the speed of the process. A common critique of many information-sharing services is that they are slow and unreliable. Organizations involved in information-sharing systems should work to ensure that cyberthreat data is quickly shared and immediately useful.
Don’t just collect threat intelligence, use it
Information sharing is a great step forward, but organizations need to go beyond sharing information to the next step: acting on it.
Threat intelligence from other groups needs to be integrated with the data collected inside your own organization. Security tools are effective when they all work together to gather information from many sources, correlate it, and then give insight about your own threat environment.
That insight becomes actionable information that you should convert into policies that cover all your traditional networks, including public and private clouds, endpoint devices, and IoT systems. Businesses need a strategy for converting threat intelligence into action, and they need to act quickly on the information received from other companies and from their own internal security systems.
Today’s digital businesses need security tools designed to operate at the speed of business. These few steps are a good start to gauge your network’s threat IQ and increase your capabilities to protect against the next lurking cyberattack.
This article was originally published in CSO.