Cyber Threat Intelligence

Introduction

 For cybersecurity measures to remain effective by the people who use make to protect systems and networks requires knowledge and awareness of threats and attacks potential or current. This is where cyber threat intelligence defined as the organisation, analysis and refinement of  information about potential or current attacks that threaten an organisation comes into play. This post aims to serve as an introduction and brief overview of cyber threat intelligence. 

 The primary purpose of threat intelligence is helping organisations understand the risks of the most common and severe external threats, such as zero-day threats, advanced persistent threats (APTs) and exploits. Although threat actors also include internal (or insider) and partner threats, the emphasis is on the types that are most likely to affect a particular organisation's environment. Threat intelligence reports often include in-depth information about specific threats in different business or service areas to help an organisation protect itself from the types of attacks that could do them the most damage.


Use Areas
The application of cyber threat intelligence within an organisation can be summarised in four main categories:
  • Predict: Strategic threat intelligence can help organisations forecast evolving threats before they materialise, and plan accordingly to avoid them.
  • Prevent: Threat intelligence that can stop incidents occurring in the first place, such as malware signatures that can be used to update signature-based detection mechanisms.
  • Detect: Intelligence that helps identify threats as they arise, or those that may already be present within a network, such as techniques, tactics and procedures that threat actors use (TTPs) that can be used for threat hunting exercises.
  • Respond: Material that can inform a response to an existing incident with a view to mitigating its extent or impact, such as TTPs used by a threat actor once its presence has been discovered on a network which will provide guidance on likely adversary next steps and how the victim should act.
The degree to which an organisation can consume threat intelligence across multiple business functions will depend on the nature of the material provided and the maturity of the consumer organisation.
 Purpose of Cyber Threat Intelligence

 Threat intelligence solutions gather raw data about emerging or existing threat actors and threats from a number of sources. This data is then analysed and filtered to produce threat intel feeds and management reports that contain information that can be used by automated security control solutions. The primary purpose of this type of security is to keep organisations informed of the risks of advanced persistent threats, zero-day threats and exploits, and how to protect against them.

 When implemented well, threat intelligence can help to achieve the following objectives:
  1. Ensure organisations stay up to date with the often overwhelming volume of threats, including methods, vulnerabilities, targets and bad actors.
  2. Help organisations become more proactive about future cybersecurity threats.
  3. Keep leaders, stakeholders and users informed about the latest threats and repercussions that could have an effect on their businesses.
Organisations are under increasing pressure to manage security vulnerabilities, and the threat landscape is constantly evolving. Threat intelligence feeds can assist in this process by identifying common indicators of compromise (IOC), the evidence that a cyber-attack has taken place, and recommending necessary steps to prevent an attack or infection. Some of the most common indicators of compromise include:
  • IP addresses, URLs and Domain names: An example would be malware targeting an internal host that is communicating with a known threat actor.
  • Email addresses, email subject, links and attachments: An example would be a phishing attempt that relies on an unsuspecting user clicking on a link or attachment and initiating a malicious command.
  • Registry keys, filenames and file hashes and DLLs: An example would be an attack from an external host that has already been flagged for nefarious behaviour or that is already infected.

Conclusion

The great unknown; it can be exciting in many situations, but in a world where any number of cyber threats could bring an organisation to its knees, it can be downright terrifying. Threat intelligence can help organisations gain valuable knowledge about these threats, build effective defence mechanisms and mitigate the risks that could damage their ability to carry out their business and reputation. After all, targeted threats require targeted defence, and cyber threat intelligence delivers the capability to defend more proactively.
While the promise of cyber threat intel is alluring in itself, it is important to understand how it works organisations can choose the right cybersecurity tools and solutions to protect their business.
Hopefully, this post serves gives an introduction and overview of cyber threat intelligence  for more information about this area it is worth reading the cyber threat hardback by Thales which gives a good global perspective of the importance of it while also outlining the different attack profiles that organisations would be aware of.  https://www.thalesgroup.com/en/group/journalist/press-release/cyberthreat-handbook-thales-and-verint-release-their-whos-who

Comments

Post a Comment

Popular posts

Balancing functionality, usability and security in design

Image
Introduction When designing new devices or applications there is a requirement nowadays to consider there functionality, usability and security. While there has been a push through secure-by-design guidelines for security to be built-in from the beginning there are still gaps in implementation and part of these gaps are design considerations of functionality and usability. Part of this that doing security well is hard work, but it should never block useful functionality for the user. Ideally, when security interferes with key software capabilities, the security must be tweaked. The answer should never be to abandon the functionality and certainly not to abandon the security. Though achieving this balance is admittedly not straightforward. This blog post will aim to look at this triad and how they can be balanced and not compromise each other. Defining the Triad in design A triangle can be used to help explain the relationship between the concepts of security, functionality and ea
Read more

Personal Interest - Unbuilt fleets of the Royal Navy

Image
Introduction Throughout the 20th Century the Royal Navy designed and examined different types of fleets that were never realised either due to budget constraints, arms treaties or the changing nature of war. These are only a few examples of the different types of unbuilt fleets. Some of these had prototypes built and tasted for the Royal Navy which would serve as technological testbeds. Images and info from secret projects forum, shipbucket, popular mechanics/science and naval-matters. Washington Naval Treaty (WNT) The  Washington Naval Treaty  was a treaty signed during 1922 among the major nations that had won  World War I , which agreed to prevent an  arms race  by limiting naval construction. It was negotiated at the  Washington Naval Conference , held in  Washington, D.C. , from November 1921 to February 1922, and it was signed by the governments of the United Kingdom, the United States, France, Italy, and Japan. It limited the construction of  battleships ,  battlecruisers
Read more

Personal Interest - RAF Unbuilt Projects

Image
  Introduction This blog post looks at the different groups of cancelled RAF projects. It will focus on the 50s, 60s, 90s/00s and a brief look at hypersonic research projects. While these projects were often cut or cancelled for budget or austerity reasons, they were also pushed by the changing nature of warfare firstly from conventional style WW2 warfare to the predicated quick, short scale nuclear war which was expected from 1947 to 1989. Later from the 90s and into the 21st Century a change from state on state conflict to facing insurgencies, counter-terrorism and peacekeeping missions again led to a change in how wars are fought. Though the work and research done on these projects would rarely go to waste with it being used and applied in other projects and works even if sometimes it could take another ten or twenty years before anything operational came of that work. There won't be large amounts of text explaining or exploring the designs there are far better sources for th
Read more