CS1907

More documents

Recommendations

Info

threat intelligence THREAT OR TREAT HOW ORGANISATIONS SHOULD BEST MANAGE, DETECT AND RESPOND TO A DATA BREACH IS AN ON-GOING QUESTION. BUT AN INTELLIGENCE-DRIVEN STRATEGY IS AN ESSENTIAL PART OF THAT Security vendors should be applauded in many ways for their ability to take technology and security best practice that has been around for a long time, give it a fancy new name, and sell it as the new magic bullet, says David Peters, CTO, ANSecurity. "Cyber Threat Intelligence is one such instance that, although it offers some benefits, is not a new concept and can be accomplished in more than one fashion. Even the most basic security controls, such as desktop anti-virus, use threat intelligence in the form of signature updates, URL blacklists are the same, even the regular advisories to patch applications and operating systems are effectively threat intelligence messages." Many of the new breed of cyber threat intelligence (CTI) offerings are rather expensive, he adds, but there are alternatives that are effectively free. "For example, AlienVault open threat exchange, when coupled with Palo Alto's Minemeld, can create a potent threat intelligence platform that can take both open source alerts and paid-for services to be fed into an effective system. This combination can feed dynamic firewall rules that can block known IP addresses which are host threat actors. Building your own is feasible for most IT professionals and does not need a deep infosec background." FIRING ON ALL CYLINDERS Where some of the CTI systems can shine is in the more specialist areas, such as Critical National Infrastructure, very large enterprises and organisations that use SCADA. "However, this is a realm where CTI should be used alongside a dedicated SoC and analyst as an aid, rather than a replacement for skilled infosec professionals, Peters advises. "Even in this space, there are national resources, such as GCHQ, which do sterling work in providing threat intelligence that both these more critical groups and other enterprises would be wise to regularly consult." ATTACK TOOLS AT LARGE "With the increased availability of highquality, open-source attack tools, cyber aggressors can constantly evolve and utilise automated attack tools, points out Chris Doman, security researcher at AT&T Alien Labs. "For an organisation trying to defend itself from a barrage of these assaults, it can all become too much to handle, especially when you consider that security teams are already understaffed and overstretched. So, what can security professionals and organisations alike do to defend against these attacks? First, Doman advises, start by fighting fire with fire. "If cybercriminals are using automation to their advantage, then so should organisations. Some tasks remain the preserve of humans - but there are still many simple time-consuming tasks that can be automated. This can alleviate the strain for security personnel who can fixate their time on more concerning matters." Secondly, share threat intelligence. "The last few years, we 22 computing security July/August 2019 @CSMagAndAwards www.computingsecurity.co.uk
threat intelligence have seen an improvement in governments, vendors and companies being more open to sharing threat information. By sharing intelligence, we are seeing faster detection and better prevention of known threats. In addition, for those without the in-house expertise, seek a dedicated team or a SOC to continuously monitor the organisation's environment. This will give the business insight into what is happening across the entire network. The threat intelligence developed with each investigation will assist the security team in making the correct decisions when it comes to preventing future attacks." By building a united front and utilising near real-time threat data, he says, "businesses can strengthen their own defences, while also helping others to make life more difficult for hackers, which is what sharing threat intelligence is all about". INTELLIGENCE-DRIVEN ACTIONS Cyber security has certainly become a high priority for senior management, according to 78% of businesses that responded to the UK government's 'Cyber Security Breaches Survey 2019'. While it is encouraging that this figure has risen year on year, generating awareness of cyber security is only one part of the issue. "The next step for organisations to take is not only understanding, but intelligently acting on the risks presented," argues Andy Pearch, head of IA Services at CORVID. "Despite the heightened awareness, many organisations are still focusing on mitigating assumed risks, rather than real risks, without a robust security strategy in place." The 2019 breaches survey revealed that, in the last 12 months alone, almost one third of UK businesses identified cyber security breaches or attacks. "What's more, the research also showed that just under half of these companies identified at least one breach or attack per month," says Pearch. "While these figures should be enough to make a business refocus its strategic security thinking, it is the use of the word 'identified' that is significant: many more attacks could have occurred, but not yet been discovered." Indeed, global figures reveal that the median dwell time - the time a criminal can be on a company's network undetected - is more than 100 days. "And, in many cases, the breach is not revealed by the security team itself; it is a call from a supplier, a customer or business partner that brings the problem to light, typically following the receipt of a diversion fraud email requesting - for example, that future payments should be sent to a different bank account." Such breaches not only have the ability to undermine business relationships, but, in some cases, can also incur significant financial liability. "These frauds usually follow one of two forms: either impersonation, where a criminal masquerades as the business, using a very similar domain name and email address; or, following a successful compromise, the email comes from the company's own system. It is the latter case that raises the issue of liability for any financial losses a business partner may have suffered." ATTACK MINDED In the battle against sophisticated cyberattacks, defenders must innovate, if they wish to remain one step ahead of the latest threats. To do so, cybersecurity professionals need real-time, actionable intelligence about the threat landscapes they face, says Nilesh Dherange, CTO of Gurucul. "Threat intelligence solutions provide data that lets security personnel make informed decisions about their defences. With threat intelligence technology, organisations can know who is attacking them, what their motivations are and what they are trying to accomplish. With this knowledge, they can remedy the threat." Moreover, to make informed decisions, context is key. "Without proper context, David Peters, ANSecurity: creating a potent threat intelligence platform doesn't have to be expensive. Nilesh Dherange, Gurucul: with threat intelligence technology, organisations can know who is attacking them, what their motivations are and what they are trying to accomplish. www.computingsecurity.co.uk @CSMagAndAwards July/August 2019 computing security 23
Page 1 and 2: Computing Security Secure systems,
Page 3 and 4: comment NATION IN TRANSFORMATION In
Page 5 and 6: p ent est INFORMATION SECURITY ASSU
Page 7 and 8: editor's focus from the public and
Page 9 and 10: True multi-factor authentication wi
Page 11 and 12: GDPR fine is preliminary," states A
Page 13 and 14: case study "Equally, it does not he
Page 15 and 16: product review WEBROOT BUSINESS END
Page 17 and 18: financial focus an online banking u
Page 19 and 20: inside track EDUCATION, EDUCATION,
Page 21: Webroot empowers businesses with pr
Page 25 and 26: 12th edition of the most recognized
Page 27 and 28: cyber espionage a "sobering story"
Page 29 and 30: CYBER SECURITY europe 9-10 October
Page 31 and 32: industrial cyber security MULTIPLE
Page 33 and 34: endpoint detection and response GET
Page 36: Brookcourt Solutions (A Shearwater

CS1907

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?