Traditional cybersecurity approaches revolve around building a defensive posture. Cybercriminals come up with new, inventive ways to break into networks, and cybersecurity professionals scramble to stop them.
But what if you flipped this approach on its head? What if rather than a defensive approach, you went on the offensive? Is that even possible?
It is – with threat intelligence. It involves applying data capture and analytics techniques in the context of identifying and preventing cyber threats. Threat intelligence will play a bigger and bigger role in security strategies as risks continue to multiply, partly as a result of the Internet of Things, which aims to interconnect all objects that can be connected.
As data capture and analysis methods become more sophisticated, cybersecurity models will move beyond reactive prevention to include a critical predictive component. These models will be a digital manifestation of the maxim that the “best defense is a good offense.”
Current Threat Intelligence
Currently, threat intelligence consists primarily of subscription-based information feeds provided by security vendors. Some threat intelligence feeds provide a generalist view of current threats, while others drill down into specific areas of risk and groups of threat actors.
The better feeds are updated frequently, put information in context and provide clues on how to avoid the threats. They tell you about threat actors’ tactics and techniques, and the formats they exploit to deliver malicious payloads.
The information is collected from endpoints, malware-detection engines and various other sources. Effective threat intelligence collection goes beyond signature-based malware-detection by looking for code traits, patterns, behavior and anomalies that hint at the presence of malicious code for which no malware signatures exist yet.
In so doing, threat intelligence adds a critical layer of protection by helping to identify new malware variants, the websites that house and distribute them, and the methods employed by attackers to hack into systems and spread infections.
Down the Pike
The future of threat intelligence is predictive. It will largely be about determining the probability of threats and where they originate. Just as organizations are starting to leverage data analytics for predictive maintenance of equipment and systems, security professionals will do the same to predict where cyber attacks will come from and who is likely to execute them. Call it the digital version of “know thy enemy.” The more information you can gather about those intent on harming you, and the methods they employ, the better you can prepare to defeat them.
“Organizations with a sophisticated approach to cybersecurity are no longer satisfied with locking the doors after the robbery has been committed,” consulting firm Deloitte explained in a recent report, Analytics Trends 2016: The Next Evolution. “Organizations such as these are beginning to employ more predictive approaches to threat intelligence and monitoring – in short, going on the offensive.”
What does that mean? Monitoring IRC (internet relay chat) and social media “chatter” by shady groups and individuals suspected of cybercriminal activity. Analyzing past hacks and breaches to build predictive models of impending new threats. Regularly testing corporate defenses to prevent cybercriminals from finding security holes before you do. Predictive threat intelligence will not eliminate cybercrime, but it will certainly help prevent a lot of attacks. And more importantly, it will turn cybersecurity strategies from a primarily defensive endeavor to more of an offensive effort.