Page 37 - Cyber Warnings
Attention CISOs: Top Questions to Ask Your Threat Analyst
By Mark Seward, VP Security Solutions, Anomali
Threat intelligence data is a critical tool for understanding attackers' behavior and
activities. Once organized in a threat intelligence platform, the data reveals to threat analysts
the techniques and methodologies used by attackers, as evidenced in malware, infected websites,
suspicious domain name registrations and mass credential exposures.
Threat intelligence platforms play a pivotal role in vetting and normalizing data across
numerous open source and proprietary streams, providing a secure communication
channel for threat information sharing, and providing data integrations with your SIEM and
existing security architecture.
As such, evidence of attacker activities, or indicators of compromise (IOCs), can provide
information about the strategic risks to businesses or agencies and can be used to detect
possible data breaches.
The following questions will help the CISO kick off a risk-based conversation that can be a
source of metrics surrounding the use of threat intelligence data. Threat analysts should be
prepared to answer these questions on a regular basis, as the answers can also become a
standing part of board-level discussions.
1. What are the top risks to our brand or organization as a whole?
Attackers often create domains similar to your existing brand to attract your customers
and steal their usernames and passwords, credit card information or other
personal information.
These activities can cause your customers distress, damage your brand reputation and cost you
money. Domain registrations can be an important source of information about attackers that
may be targeting your brand.
Actively monitoring “Whois” data can help identify this type of fraud before it is perpetrated. This
means monitoring a portion of the Reconnaissance phase of the attack chain. It can give you
time to warn customers and remind them to watch for specific fraudulent domains.
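One way an analyst could screen a feed of new domain registrations for brand look-alikes, added here as an example and not taken from the article or from any Anomali product. The brand "examplebank", the (domain, creation date) record format and the sample feed are constructed assumptions.

```python
import unicodedata

# Digit-for-letter swaps commonly seen in look-alike registrations.
DIGIT_SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def normalize(label):
    """Fold a DNS label so visually similar spellings compare equal."""
    text = unicodedata.normalize("NFKD", label.lower())
    text = "".join(c for c in text if not unicodedata.combining(c))
    return text.translate(DIGIT_SWAPS).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, brand, own_domains, max_distance=2):
    """Return why `domain` resembles `brand`, or None if it does not."""
    domain = domain.lower().rstrip(".")
    if domain in own_domains:
        return None
    target = normalize(brand)
    for label in domain.split(".")[:-1]:  # assumption: single-label TLD
        folded = normalize(label)
        if folded == target:
            return "brand on another TLD" if label == brand else "look-alike characters"
        if target in folded:
            return "contains brand"
        # A distance of 2 is noisy for short brand names; tune per brand.
        if any(edit_distance(tok, target) <= max_distance for tok in folded.split("-")):
            return "typo"
    return None

def review(records, brand, own_domains):
    """Return (domain, created, reason) for each suspicious registration."""
    scored = ((d, created, classify(d, brand, own_domains)) for d, created in records)
    return [hit for hit in scored if hit[2]]

# Constructed sample feed (not real WHOIS data) and the brand's own domain.
SAMPLE = [("examp1ebank.example", "2016-07-01"), ("examplebank-login.example", "2016-07-02"),
          ("exarnplebank.example", "2016-07-02"), ("exampelbank.example", "2016-07-03"),
          ("weatherreport.example", "2016-07-03"), ("examplebank.example", "2016-01-01")]
OWN = {"examplebank.example"}
```

Calling review(SAMPLE, "examplebank", OWN) returns the four look-alike registrations with their creation dates and the reason each was flagged.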
2. Are our employees’ credentials part of any mass exposure?
Employees need to know that being a part of a mass credential exposure can put the business
at risk. An attacker who is able to get inside your network can use valid email address/clear
text password pairs to impersonate a user.
37 Cyber Warnings E-Magazine – July 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide