Threat intelligence (TI) is a vital capability for any IT security department. If used effectively, it can offer CISOs the ability to take security from a reactive to a proactive posture, enabling them to better manage cyber risk and support the business-wide digital transformation agenda. The major caveat is that time and care must be taken up front to make sure you invest in the right platform.
It pays to do your due diligence to understand exactly what capabilities are on offer before selecting a provider. You may be surprised at the sheer range of functionality some platforms can deliver.
The benefit of flexibility
Part of the research you’ll need to take on will involve checking the reputation of prospective providers. What are peers and customers saying about them? What do analysts think? It’s wise to collect as broad a sweep of opinion as possible before coming to a decision. Things to consider include usability, pricing, how easily the platform integrates with your current security solutions, and whether the data is fresh, broad and actionable enough to generate effective threat intelligence.
But perhaps equally important is to understand how TI is delivered. The chances are you want to leverage TI to serve multiple business needs. That makes a modular solution by far the best choice. It means you can pick and choose which functionality you need without being forced to pay for elements that may lie unused. With pay-as-you-need you get a variety of options. Here’s a brief selection:
Passwords represent the keys to the virtual kingdom in the modern enterprise, allowing attackers to crack open accounts en route to sensitive customer data and IP. A second layer of risk comes when customer credentials end up in the hands of the bad guys, enabling cyber-criminals to hijack accounts and potentially commit identity fraud. With TI that scours the open, deep and dark web, you can find actionable intelligence related to leaked, stolen and sold credentials. Find them quickly enough and you can take action before credentials have even been monetized and used in attacks.
Customer credit and debit card details are a favorite target of hackers. Although the cybercrime underground is deluged with such information, they can still make a tidy sum selling freshly stolen data to fraudsters. Once again, with the right TI, you can step in to warn customers and card providers before the fraudsters have even had a chance to use the stolen details in anger — minimizing losses and helping to protect your organization’s reputation.
Increasingly, unofficial marketplaces are awash with applications stuffed with hidden malicious code and/or apps abusing your organization’s brand to lure customers and harvest their data. TI can help search the web for signs of applications claiming links to your organization to protect your brand and reputation, as well as your customers.
By analyzing millions of malware samples each month, TI can provide a much-needed early warning system for attacks. TI proactively hunts down targeted malware and Man in the Browser attacks, enabling you to regain the initiative from the cyber-criminals and enhance the resilience of your IT systems.
It’s not just credentials and customer card details that represent a major cybersecurity risk to organizations. Increasingly, hackers are looking for sensitive IP and trade secrets. TI can help to find examples of this too, by searching the surface, deep and dark web. It may even be that the data has been leaked accidentally. Either way, any resulting exposure will still be minimized.
It might not get as many headlines as attacks by nation states and organized crime groups, but hacktivism continues to represent a major headache to organizations keen to minimize potentially damaging data leaks. TI can monitor activity on social networks to understand where the next big targets are going to be, and can help mitigate the impact of any attacks.
It’s not just hacktivist activity that can be found on social media. Increasingly, these channels are a great way for TI tools to provide early-warning on phishing websites or other unauthorized use of your brand and assets.
Ready for anything
This is just a quick snapshot of the kinds of TI capabilities your organization could leverage to respond more quickly to breaking incidents and feed back into security processes to become more resilient to threats in the future. The ability to scour the deep and dark web as well as the indexed web and P2P sites can be crucial here, allowing your security teams to turn the tables on the enemy by putting a spy in their midst. But also important is intelligence gleaned from social media and other more traditional online channels.
Thanks to the GDPR (see our specialized report here) and the NIS Directive, keeping a major breach or security incident a secret is no longer an option. Nor is hoping for the best. You need to be following best practices in everything you do to show regulators that you take cybersecurity seriously. The penalties for failure go well beyond the headline fines to customer attrition and brand damage. These could take much longer to recover from and, more importantly, get in the way of digitally driven innovation.
With the sheer range of tools on offer, it is often difficult to find the right solution for your business. Check out our Buyer’s Guide here to help you make the smartest investment.