The Picture of Threat Intelligence


Threat intelligence yin yang

Threat intelligence is a popular buzzword, but is it meeting its hype? Some swear by it; others swear at it. Evan Schuman reports.

The long-acknowledged core problem with threat intelligence today is the software equivalent of a Yin and Yang situation. The algorithms are smart enough to catch a massive number of log anomalies, detecting any pattern deviation that might indicate an attack attempt. That said, they are not yet smart enough to accurately distinguish real threats from innocuous activity. The challenge lies, in part, in the gap between the CISO's expectations and definitions and the realities of how attackers exploit corporate network vulnerabilities.

Most experts say that the viable answer is not to wait for the software to get better, since the bad guys' software is also getting better, and getting better faster. So the real answer is to obtain more meaningful data for the algorithms on hand.

A good example is insider context. That approach looks beyond perimeter security and attacks authenticated insiders who might not be who they claim to be. Whether credentials are stolen through social engineering, a trojan horse or other malware, the idea is that a different kind of battle must begin after a user logs in and is authenticated.

That additional data typically comes in the form of context, which considers that user's typical attributes, from the physical (what device is being used and where it is located) to the behavioral (are they logging in at an expected time, are they accessing their usual documents, or does their position in the company entitle them to this data).

And yet, cyberthieves are often good at doing their homework. They might tunnel into the user's machine, take it over and then access your network from the expected machine and the expected location. They might specifically attack personnel who would normally access the files they are seeking.
In short, this is a serious problem and the "solution" is not universally consistent. Munish Puri, principal consultant for Presearch Strategy, a security research firm, posits that threat intelligence data is getting more complex than an enterprise security system can analyze and that the CISOs are making the situation worse.

"Most organizations still divide security into different departments and create blind spots for exploitation. Adversaries, on the other hand, do not think about 'physical security' and 'cybersecurity.' They simply look for gaps. They don't ask themselves 'What's my physical security angle?' to an attack. Adversaries just find the weaknesses and exploit," Puri says.

"The focus on actors, while important, is 90 degrees from how organizations need to address their vulnerabilities. Until the security organizations truly synthesize vulnerabilities from multiple domains, those blind spots will

2.3B: Texting turns 25 years old this year but its peak year for texts was 2011 with 2.3 billion messages sent. 1.7 billion were sent in 2016. – CTIA 2017

© 2018 Haymarket Media, Inc.

OUR EXPERTS: Threat intelligence

Swapnil Deshmukh, senior director of emerging technologies security, Visa
Don Elledge, CEO, Edgile
Michael Figueroa, executive director, Advanced Cyber Security Center
Chad Loder, serial entrepreneur and security expert, Habitu8 and QuickSilvr Technologies
Munish Puri, principal consultant, Presearch Strategy
Mike Sanchez, CISO, United Data Technologies
Mike Spanbauer, VP of research strategy, NSS Labs
