How can organizations keep up with today’s evolving threat landscape, highlighted by targeted phishing attacks, profit-seeking ransomware and advanced persistent threats (APTs)? The simple answer is better threat intelligence. Please stop me if this is something you’ve heard before. As cyberattacks continue to become more wide-ranging and complex, so too has the type of threat intelligence required to detect, prevent and respond to these threats. There is a new paradigm in threat intelligence, beyond just providing foundational indicators of compromise (IOCs); organizations are asking for actionable and contextually relevant threat intelligence that provides visibility into their organization, geography and industry.
Threat Intelligence Has Become a Critical Strategic Imperative in 2022
This shift validates the core set of content and capabilities intelligence providers need in order to arm their customers in the new digital age. A leading threat intelligence provider today must deliver more than indicators and alerts; it must serve the tactical, operational and strategic intelligence customers need to understand the threats most relevant to them, leveraging primary-source intelligence, brand visibility and critical vulnerability intelligence.
Finding the needle in the haystack requires more than a list of every known observable. While alerting and blocking use cases will always be core to a security operations center (SOC), analysts need to add context to each threat through technical and strategic intelligence. Correlating indicators with higher-order intelligence such as threat activity, threat group profiles and malware analysis quickly helps L1 and L2 SOC analysts understand the threat, its targets and its tactics, techniques and procedures (TTPs), so they can make an informed response decision. As stakeholders move beyond the SOC, the C-suite and board of directors will seek to better understand their relevant threat landscape through industry reports. Threat intelligence products should also provide a set of services to help any company, big or small, evaluate and plan its threat intelligence strategy, leveraging workshops, assessments and response plans.
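The correlation step described above can be shown in code. The following is an added example, not code from the original post or from any vendor product: it parses a few constructed alert lines, matches their observables against a constructed indicator feed that carries actor, malware, ATT&CK technique and kill-chain stage context, and produces a per-host summary and priority an L1 analyst could act on. The feed entries, actor profiles, host names and IP/domain values are all invented for illustration; the technique IDs are standard ATT&CK identifiers, and the scoring weights are an assumption chosen for the example.

```python
"""Enrich raw SOC alerts with higher-order threat context (added example).

All feed entries, actor profiles and alert lines below are constructed
for illustration and are not real intelligence.
"""
import re
from collections import defaultdict

# Kill-chain ordering: a later stage on the same host means the intrusion has progressed further.
STAGE_RANK = {"delivery": 1, "execution": 2, "c2": 3, "exfiltration": 4}
STAGE_NAME = {rank: name for name, rank in STAGE_RANK.items()}

# Constructed indicator feed: observable -> context. Technique IDs follow ATT&CK naming.
IOC_FEED = {
    "203.0.113.7": {"actor": "GROUP-A", "malware": "LoaderX", "technique": "T1071.001", "stage": "c2"},
    "198.51.100.22": {"actor": "GROUP-A", "malware": "LoaderX", "technique": "T1105", "stage": "delivery"},
    "invoice-update.example": {"actor": "GROUP-B", "malware": "DocDropper", "technique": "T1566.001", "stage": "delivery"},
}

# Constructed threat-group profiles: which industries each actor has been seen targeting.
ACTOR_PROFILES = {
    "GROUP-A": {"targets": ["finance", "energy"], "motive": "financial"},
    "GROUP-B": {"targets": ["retail"], "motive": "financial"},
}

# Constructed alert lines in a simple key=value format.
ALERTS = [
    "2022-03-01T10:00:00Z host=ws-17 type=dns query=invoice-update.example",
    "2022-03-01T10:02:13Z host=ws-17 type=conn dst=198.51.100.22",
    "2022-03-01T10:09:40Z host=ws-17 type=conn dst=203.0.113.7",
    "2022-03-01T10:11:02Z host=ws-42 type=conn dst=192.0.2.5",  # not in the feed
]

KV = re.compile(r"(\w+)=(\S+)")


def extract_observables(line):
    """Return (host, [observables]) from one alert line; only query/dst fields are observables."""
    fields = dict(KV.findall(line))
    return fields.get("host"), [v for k, v in fields.items() if k in ("query", "dst")]


def correlate(alerts, feed=IOC_FEED, profiles=ACTOR_PROFILES, org_industry="finance"):
    """Group matched observables per host, pick the dominant actor and score the host.

    Priority (assumed weights): 10 per kill-chain stage reached, 5 per distinct
    indicator tied to the dominant actor, +20 if that actor is known to target
    our industry.
    """
    per_host = defaultdict(lambda: {"actors": defaultdict(set), "techniques": set(),
                                    "max_stage": 0, "unmatched": 0})
    for line in alerts:
        host, observables = extract_observables(line)
        h = per_host[host]
        for obs in observables:
            ctx = feed.get(obs)
            if ctx is None:
                h["unmatched"] += 1
                continue
            h["actors"][ctx["actor"]].add(obs)
            h["techniques"].add(ctx["technique"])
            h["max_stage"] = max(h["max_stage"], STAGE_RANK[ctx["stage"]])

    results = {}
    for host, h in per_host.items():
        if not h["actors"]:
            results[host] = {"priority": 0, "actor": None, "stage": None,
                             "techniques": [], "targets_us": False, "unmatched": h["unmatched"]}
            continue
        # Dominant actor = the one with the most distinct indicators on this host.
        actor, iocs = max(h["actors"].items(), key=lambda kv: len(kv[1]))
        targets_us = org_industry in profiles.get(actor, {}).get("targets", [])
        priority = h["max_stage"] * 10 + 5 * len(iocs) + (20 if targets_us else 0)
        results[host] = {"priority": priority, "actor": actor,
                         "stage": STAGE_NAME[h["max_stage"]],
                         "techniques": sorted(h["techniques"]),
                         "targets_us": targets_us, "unmatched": h["unmatched"]}
    return results


if __name__ == "__main__":
    for host, summary in sorted(correlate(ALERTS).items(), key=lambda kv: -kv[1]["priority"]):
        print(host, summary)
```

The analyst-facing value is in the summary: ws-17 is not "three alerts" but one host that has progressed to the C2 stage with an actor whose profile matches the organization's industry, which is the context an L1 analyst needs to escalate rather than close.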
Telemetry is key in threat intelligence. Combining human sources with infrastructure and technical sources leads to a powerful global intelligence data set. Leading providers benefit from global sightings from Incident Response, Managed Services and Managed Detection and Response (MDR) teams. Security telemetry not only helps provide added context for threat correlation, but also enables proactive awareness of malicious activity — one organization’s incident could be a warning of the latest zero-day exploit. This data can be operationalized to provide early warnings on threat activity, especially those most relevant to an organization’s brand, industry or geography.
Vulnerability management still plagues enterprises, as security analysts struggle to judge the criticality of vulnerabilities. Identifying and prioritizing vulnerabilities is an essential task, but one that requires knowledge of your most critical systems and the ability to determine whether a vulnerability is being actively exploited. Combining these two inputs is the preferred method for risk-based vulnerability management, which puts the most critical vulnerabilities first in the remediation queue.
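A minimal risk-based prioritization that combines the two inputs named above, added here as an example and not taken from the original post or any product: each finding carries its CVSS base score, the criticality of the affected asset and whether it is internet-facing, and a separate known-exploited list supplies the "actively exploited" signal. The CVE identifiers, asset names and scores are constructed placeholders, and the weighting formula and remediation tiers are assumptions chosen to illustrate the approach.

```python
"""Risk-based vulnerability prioritization (added example with constructed data)."""
from dataclasses import dataclass


@dataclass
class Finding:
    cve: str              # placeholder identifier, not a real CVE
    cvss: float           # CVSS base score, 0.0-10.0
    asset: str
    criticality: int      # business criticality of the asset, 1 (low) to 5 (crown jewel)
    internet_facing: bool


# Constructed stand-in for a known-exploited-vulnerabilities list.
KNOWN_EXPLOITED = {"CVE-0000-0001"}

# Constructed scan output: note the highest CVSS score sits on the least important asset.
FINDINGS = [
    Finding("CVE-0000-0001", 7.5, "payroll-db", 5, False),
    Finding("CVE-0000-0002", 9.8, "dev-vm", 1, False),
    Finding("CVE-0000-0003", 6.1, "web-portal", 4, True),
    Finding("CVE-0000-0004", 9.1, "erp-app", 5, False),
]


def risk_score(f, exploited=KNOWN_EXPLOITED):
    """Assumed weighting: scale CVSS by asset criticality, then boost for
    active exploitation (x3) and internet exposure (x1.5)."""
    score = f.cvss * (f.criticality / 5)
    if f.cve in exploited:
        score *= 3.0
    if f.internet_facing:
        score *= 1.5
    return round(score, 1)


def remediation_tier(score):
    """Assumed SLA tiers keyed off the risk score."""
    if score >= 15:
        return "immediate"
    if score >= 7:
        return "within 7 days"
    return "standard cycle"


def prioritize(findings, exploited=KNOWN_EXPLOITED):
    """Return (finding, score, tier) tuples, highest risk first."""
    scored = [(f, risk_score(f, exploited)) for f in findings]
    scored.sort(key=lambda pair: pair[1], reverse=True)
    return [(f, s, remediation_tier(s)) for f, s in scored]


if __name__ == "__main__":
    for f, score, tier in prioritize(FINDINGS):
        print(f"{f.cve}  cvss={f.cvss}  asset={f.asset}  risk={score}  -> {tier}")
```

Sorting by CVSS alone would put the development VM's 9.8 at the top of the queue; the risk-based order instead leads with the actively exploited 7.5 on the payroll database, which is the behaviour the text argues for.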
From The Shadows Emerges Knowledge