Threat intelligence: A key weapon in your security armoury
June 6, 2016
Shah Sheikh (1294 articles)

Threat intelligence: A key weapon in your security armoury

A seemingly endless stream of high-profile data breaches have given cyber security a new impetus, bringing it very much to the forefront of conversations amongst business leaders and consumers alike.

With the general cyber security industry at the height of its celebrity, one specific area that is now experiencing a boom of its own after being slower to catch on, is threat intelligence. Currently, less than 5 per cent of organisations have a threat intelligence platform in place, a figure which is expected to rise dramatically in the next few years with adoption predicted to reach the 50 per cent mark by 2018.

As the battle against an ever-growing army of hackers intensifies, businesses will need threat intelligence to make informed decisions around security risks and vulnerabilities and prioritise their responses accordingly.

“Threat intelligence gained celebrity overnight,” said Ryan Trost, CTO of ThreatQuotient, leading to “exponential” growth in the market. “I think companies have a great need to, ultimately, augment their crime defenses,” he continued, and collecting the right security data is essential to this.

Unfortunately, that’s much easier said than done. Businesses are now faced with an ocean of data to analyse. As Ryan explained, security data involves a mix of “open source intelligence, government intelligence, commercial intelligence, malware dissection” – as well as human intelligence from operatives and data from the dark web – meaning businesses constantly need to be asking the question: “Which category of intelligence best helps my team and best helps the technologies I’m connected with?”

So, how can businesses wade through the data swamp? A threat intelligence platformis the most obvious answer, where data is collected from multiple sources and pushed out to analysts. Platforms such as ThreatQuotient’s provide context to intelligence and “give analysts the entire story of that IP address or domain,” improving the speed and efficiency of decision making.

Aside from that, sharing within the industry could be an answer. It’s certainly something that cyber criminals are doing but is “a bit of a catch 22,” according to Ryan. Businesses are usually very protective over their data and, more often than not, by the time the information is shared it will be out of date. Ryan recommendation is “if you do share, share with your circle of friends” and do it out of professional courtesy rather than some kind of contractual obligation.

However, one of the biggest issues holding all this back is the well-documented skills gap. Security analysts who know what they are talking about are “typically the most expensive” and the crux of the problem is that there simply aren’t enough of them out there. To solve this “supply-demand shortage,” Ryan recommends looking for people that show real passion for the area and also warns of the dangers of an “information overload” due to the abundance of data now available.

The future of the industry, he thinks, will involve a mixture of human input and automation and a more proactive approach where companies look to anticipate threats and vulnerabilities in order to stay one step ahead of their adversaries.

And, with cyber-crime continuing to adopt an increasingly-industrial approach, the job of a security analyst is not about to get any easier.

Source | ITProPortal