Cyber Threat Visibility is essential to closing the breach detection gap. A small team facing this monumental task cannot realistically work on its own in a vacuum. Organizations focused on researching these threats are growing in number.
Specializing in market verticals and attack vectors, and even tracking specific threat actor groups, these intelligence companies follow the worst of the worst across the industry today. In today’s threat landscape, it is essential for security teams to augment their capabilities with cyber threat intelligence.
Leveraging this knowledge across the enterprise lets organizations know what to look for, or sometimes simply where to look, which speeds up incident response.
Implementing this research makes security teams more effective by focusing them on actionable threat data. The resulting reduction in false positives lowers an organization’s overall risk, because the organization becomes aware of potential compromise events faster than ever.
There’s still another gap.
Knowing about a breach and having the capability to fix it are not one and the same. Cyber threat intelligence is a tremendously powerful resource. Many of the providers and on-site security teams that generate intelligence are able to communicate both the issues and the strategies for taking action against the matching events.
Again, sharing this information and communicating it as close to the breach event as possible is critical for protection, but there is still a gap: the detection-to-protection gap.
Most of the largest retail breaches we have seen occur at times when teams are least prepared to engage and take action. From before Thanksgiving until mid-January, financial transaction volumes among retail and online stores are at their highest.
Companies want to collect and process payment from every shopper, and they do not want mistakes or human error to take these systems offline for any period of time. The loss of revenue from even an hour of downtime can be disastrous. To avoid human error, freezing configurations and systems in place is fairly standard across the industry.
What happens when the adversary knows this and exploits the timing for their own gain? Unfortunately, it happens all too often. Even when threats are identified during these freeze windows, corrective action often comes too late to have a meaningful impact.
To solve these challenges and effectively implement cyber threat intelligence in the network security stack, new technologies must be deployed for real-time identification and protection of network resources.
These new capabilities must be able to handle the large, dynamic policies specific to each industry, and identify a potential compromise down to the exact internal resource. The cyber threat
16 Cyber Warnings E-Magazine – February 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide