6 Steps for Operationalizing Threat Intelligence
4 likes2,860 views
Forsythe is a leading IT company that provides security and advisory solutions for Fortune 1000 organizations to enhance their agility and security. The document emphasizes the importance of commercial threat intelligence in defending against cyber threats, suggesting that a strategic understanding of an organization's assets and capabilities is essential. It also highlights the need for effective operationalization of threat intelligence to improve security measures and respond efficiently to threats.
6 Steps for Operationalizing Threat Intelligence
- 2. Forsythe is a leading enterprise IT company, providing advisory services, security, hosting and technology solutions for Fortune 1000 organizations. Forsythe helps clients optimize, modernize and innovate their IT to become agile, secure, digital businesses. www.forsythe.com About Forsythe
- 4. In 207 BC, when information traveled no faster than a horse could ride…
- 5. …it was intelligence that led Rome to its critical victory over Carthage during the Punic Wars.
- 6. Fast forward 2,000 years,
- 7. and intelligence is more important than ever.
- 8. Countries have spent trillions of dollars building up military forces to protect their interests and deter attacks by…
- 9. air land sea
- 10. But the biggest threat to security today comes not from ground forces or air power,
- 12. There are no rules of engagement in cyber warfare when it comes to corporate data.
- 13. Enterprises in all industries are attractive targets…
- 14. …and most are not adequately prepared to defend themselves.
- 15. According to PWC’s 2016 Global State of Information Security Survey…
- 16. …theft of hard intellectual property increased 56 percent in 2015.
- 17. The best form of defense against attacks and those who perpetrate them is to know about them.
- 18. But for many organizations, good quality intelligence is hard to come by.
- 19. Commercial threat intelligence technology and services can help enterprises arm themselves with…
- 21. …enabling them to identify and respond to global threat activity, and integrate intelligence into their security programs.
- 22. Per Gartner, by 2018…
- 23. 60% of large enterprises globally will utilize commercial threat intelligence services to help inform their security strategies.* *Gartner, Smarter with Gartner, Use Threat Intelligence Services for an Agile Defense, June 10, 2015, http://www.gartner.com/smarterwithgartner/use-threat-intelligence-services-for-an-agile-defense/
- 25. It is important to note that…
- 26. …threat data is not the same as threat intelligence.
- 27. The difference?
- 28. Threat data is information without context.
- 29. Whereas…
- 30. Threat intelligence incorporates the background that makes the information relevant to an organization or industry.
- 31. Sorting through threat data and operationalizing threat intelligence….
- 33. But it doesn’t have to be.
- 35. Know your environment in and out.
- 36. In order to be applied, threat intelligence needs to be supported by a solid understanding of your assets, and what’s going on in your network.
- 37. Some questions to ask yourself…
- 38. What are your most valuable information assets? Where are these assets? When are these assets being accessed? Who has access to these assets and why?
- 39. Establish your business goals.
- 40. What are your overall business drivers?
- 41. protection? detection? attribution & prosecution?
- 42. And what are you looking to accomplish with threat intelligence?
- 44. Enhancing automated prevention Shortening the lifecycle of detection and remediation Automating security operations and remediation efforts Centralizing threat intelligence programs and standardizing processes
- 46. Establishing an understanding of current capabilities is critical.
- 47. To help to determine your existing capabilities and what is currently going on in your environment, consider services such as…
- 49. They should be leveraged as part of a continuous vulnerability management program as you move forward.
- 50. Research available products and services.
- 51. There are a lot of threat intelligence services you can subscribe to. Each offers…
- 52. different numbers of indicators different levels of relevance and context
- 53. And there are varying levels of effort involved in leveraging the information they provide.
- 54. Internal Standardized Highly targeted intelligence | Unrestricted usage Commercial Vendor-specific Moderately targeted intelligence | Usage is restricted Some standardization Moderately targeted intelligence | Usage is restricted Community Varied formats Little targeted intelligence | Usage restrictions vary Open Source Intelligence Sources
- 55. Avoid drinking from the firehose.
- 56. The analytic value of threat data varies; while certain details can be useful, like…
- 57. subject linesattachment names malicious IP addresses domains
- 58. …they are often used only once, and are therefore not good indicators on their own.
- 59. Knowing the difference between valuable threat data and “noise” will go a long way.
- 60. only on what applies to your business.Focus
- 61. Share and share alike.
- 62. Sharing non-compromising information will help other organizations learn more about specific threats.
- 63. Build circles of trust with organizations in the same vertical that are not direct competitors.
- 64. This facilitates the sharing of…
- 67. In today’s threat landscape, without a threat intelligence-focused strategy…
- 69. The bad guys are getting faster and faster. Intelligence provides a way for organizations to…
- 71. Get the insight needed into attackers’ plans
- 72. Get the insight needed into attackers’ plans Prioritize and respond to threats
- 73. Get the insight needed into attackers’ plans Shorten the time between attack and detection Prioritize and respond to threats
- 74. Get the insight needed into attackers’ plans Focus staff efforts and decision-making Shorten the time between attack and detection Prioritize and respond to threats
- 75. Properly operationalized, it’s a powerful tool for enhancing the security of your…
- 79. Authors: David O'Leary Director, Forsythe Security Solutions David Hove Practice Manager, Forsythe Security Solutions Aaron Smith Master Consultant, Forsythe Security Solutions Shariq Hassan Senior Consultant, Forsythe Security Solutions Anne Grahn Senior Communications Specialist, Forsythe Security Solutions Forsythe is a leading enterprise IT company, providing advisory services, security, hosting and technology solutions for Fortune 1000 organizations. Forsythe helps clients optimize, modernize and innovate their IT to become agile, secure, digital businesses. www.forsythe.com