Threat actors are moving faster, gaining skills, and becoming more efficient at compromising networks – taking mere minutes to reach their target. As threat actors become faster, why does it seem like organizations are getting slower at discovering breaches – sometimes taking weeks or more to discover a hacker’s infiltration?
Recently, we have seen companies within industries band together to try and stop this detection deficit. This past summer, eight of the largest U.S. banks announced that they were banding together to tackle cyber threats with shared intelligence and comprehensive response.
While initiatives like this represent a huge step in the right direction as industries try to combat growing cybersecurity threats, companies are still struggling with the root cause behind issues with cyber threat detection and response – cybersecurity data. It isn’t that banks, telecoms companies, hotels or any other industry don’t have enough cybersecurity data – it’s that they have too much. In fact, there is so much data coming in that they can’t tell what’s relevant to their own organizations.
The cause of this? Raw security data and community-generated threat intelligence feeds are full of non-applicable warnings, red herrings and often don’t speak the same language – causing duplicate information. On top of this, security teams are working on disparate systems that can’t communicate about the potential threat indicators within the network. We call these issues threat fragmentation.
Cleaning up the threat management mess

From malware to phishing and ransomware, cyber threats take many forms, adding to the breadth of information from threat intelligence feeds and security tools that organizations must utilize in order to detect, respond to and mitigate threats. Sometimes the security personnel working to detect threats work well together – but oftentimes they are moving quickly, causing disconnected and uncoordinated efforts. The inefficiencies caused by fragmented threats, available data, and the breadth of security technology and processes across teams all lead to potential “holes” in the network that hackers can infiltrate.
So, how can an organization tackle fragmentation? In order to unify people, processes and technology into a comprehensive view, organizations need to support collaborative cybersecurity environments. By creating a centralized knowledge base for threat intelligence, utilizing information from intel feeds as well as internal data from security technologies, teams can work together cohesively with streamlined information. This enables the organization to ensure that threat intelligence information is being analyzed, correlated and sorted through efficiently and effectively in order to identify a potential threat, attack, or adversary.
Closing the detection deficit

With unified threat intelligence, an organization can take a threat indicator, like an IP address or malware hash, together with the available information about its history or behavior, and better understand a threat actor’s motives, techniques and potential affiliation. This proactive approach drives an intel-driven defense that supports empowered decision-making and informed risk management, and it builds a picture of how the identified tactics, techniques and procedures relate to the threat actor behind them. This gives an organization a better understanding of an adversary or event and can provide insight into which controls need to be tightened or which vulnerabilities are being targeted.
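The three preceding sections describe the mechanics in words: feeds that do not speak the same language produce duplicates, a centralized knowledge base merges feed and internal data, and a single indicator such as an IP address or hash is then correlated against what the organization has actually seen. The following script is an added example, not ThreatConnect code or part of the original article. It takes two constructed feeds in different formats (one CSV with defanged values, one JSON with a different schema), normalizes and deduplicates them into one indicator set that records which feeds reported each indicator, and then correlates that set against a few constructed firewall and antivirus log lines. Every feed entry, IP address, hash and log line is made up for the example.

```python
"""Normalize and deduplicate indicators from heterogeneous threat feeds, then
correlate them against internal logs. Added example; every feed entry,
indicator and log line below is constructed, not real threat data."""
import csv
import io
import json
import re
from collections import defaultdict

# Constructed feed A: CSV, defanged IP/domain values, upper-case hash.
FEED_A_CSV = """indicator,type,source
198.51.100[.]23,ip,feed-a
D41D8CD98F00B204E9800998ECF8427E,md5,feed-a
evil[.]example,domain,feed-a
"""

# Constructed feed B: JSON with a different schema and overlapping indicators.
FEED_B_JSON = json.dumps([
    {"value": "198.51.100.23", "kind": "ipv4", "provider": "feed-b"},
    {"value": "d41d8cd98f00b204e9800998ecf8427e", "kind": "hash-md5", "provider": "feed-b"},
    {"value": "203.0.113.9", "kind": "ipv4", "provider": "feed-b"},
])

# Map each feed's vocabulary onto one internal type name (assumed scheme).
TYPE_MAP = {"ip": "ip", "ipv4": "ip", "md5": "md5", "hash-md5": "md5", "domain": "domain"}


def refang(value):
    """Undo common defanging ("[.]", "hxxp") and normalise case so that the
    same indicator written two ways collapses to one key."""
    return value.replace("[.]", ".").replace("hxxp", "http").strip().lower()


def parse_feed_a(text):
    """Yield (value, type, source) from the CSV-shaped feed."""
    for row in csv.DictReader(io.StringIO(text)):
        yield refang(row["indicator"]), TYPE_MAP[row["type"]], row["source"]


def parse_feed_b(text):
    """Yield (value, type, source) from the JSON-shaped feed."""
    for item in json.loads(text):
        yield refang(item["value"]), TYPE_MAP[item["kind"]], item["provider"]


def build_knowledge_base(*feeds):
    """Merge feeds into {(type, value): set(sources)}. Duplicates across
    feeds collapse into one entry that remembers every reporting source."""
    kb = defaultdict(set)
    for feed in feeds:
        for value, kind, source in feed:
            kb[(kind, value)].add(source)
    return kb


# Constructed internal log lines (firewall and endpoint AV) to correlate against.
INTERNAL_LOGS = [
    "2024-01-01T10:00:01 fw allow src=10.0.0.5 dst=198.51.100.23 dport=443",
    "2024-01-01T10:00:07 fw allow src=10.0.0.8 dst=192.0.2.77 dport=80",
    "2024-01-01T10:01:15 av scan host=ws-12 md5=d41d8cd98f00b204e9800998ecf8427e verdict=clean",
]

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
MD5_RE = re.compile(r"\b[0-9a-fA-F]{32}\b")


def correlate(kb, logs):
    """Return (log_line, (type, value), sources) for each internal event that
    touches a known indicator. A hit reported by several independent feeds
    is a stronger signal than a single-feed hit."""
    hits = []
    for line in logs:
        candidates = [("ip", m) for m in IP_RE.findall(line)]
        candidates += [("md5", m.lower()) for m in MD5_RE.findall(line)]
        for key in candidates:
            if key in kb:
                hits.append((line, key, sorted(kb[key])))
    return hits


if __name__ == "__main__":
    kb = build_knowledge_base(parse_feed_a(FEED_A_CSV), parse_feed_b(FEED_B_JSON))
    print(f"{len(kb)} unique indicators after merging feeds")
    for line, (kind, value), sources in correlate(kb, INTERNAL_LOGS):
        print(f"[{kind}] {value} reported by {sources}: {line}")
```

Two design points matter here. Normalization runs before deduplication, so the defanged CSV address and the plain JSON address become one entry rather than two "different" warnings; and the merged entry keeps the set of sources, so an analyst can see that a hit against the firewall log was reported by two feeds while the domain indicator came from only one. The AV line matches on the hash even though the scanner's own verdict was "clean", which is exactly the kind of cross-tool correlation the article says disconnected systems miss.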
When security teams aren’t able to communicate, organizations can’t correlate their intelligence. And, when the proper communication and correlation doesn’t take place, processes don’t work in unison, thus causing fragmentation that works against cybersecurity defenses.
In order to cut the detection deficit, organizations across industries must be able to leverage their tools, teams and systems within a collaborative environment. With every piece of the security puzzle working together, a truly intelligence-driven, proactive approach will be possible – helping to enhance the ability to discover and act on a breach faster than ever before.
(About the author: Adam is an information security expert and is the CEO and a founder of ThreatConnect, Inc. He possesses over a decade of experience in programming, network security, penetration testing, cryptography design and cryptanalysis, identity and access control, and a detailed expertise in information security. The culmination of this knowledge has led to the company’s creation of ThreatConnect, the first-of-its-kind threat intelligence platform.)