Get Smart – Apply Threat Intelligence for Securing the Enterprise Network

By: Ashraf Sheet, regional director, Middle East and Africa at Infoblox

In a world in which cyber criminals are becoming increasingly stealthy and using increasingly sophisticated techniques, from ransomware to DNS hijacking, it is becoming more difficult, more expensive and less effective for businesses alone to defend themselves against threats.

According to research recently carried out in the US and EMEA by the Ponemon Institute on behalf of Infoblox, more organisations than ever are reaching out to sources including their peers, industry groups, IT vendors and government bodies for threat intelligence data. This increase could be attributed to the fact that two thirds of the IT security practitioners surveyed said they now realised that threat intelligence could have prevented or minimised the consequences of a cyberattack or data breach.

Despite this exchange and use of threat intelligence, however, the majority of respondents to the survey claimed not to be satisfied with the current quality of the data.

A question of trust

The most important objectives of a successful threat intelligence programme are to enhance an organisation’s overall security posture, improve its incident response and quickly detect attacks. However, less than a third of respondents rated their company’s defence against cyberattacks as highly effective, and only a quarter thought the same about their company’s process of using internal sources such as configuration log activities.

Although IT security practitioners are increasingly satisfied with their ability to obtain threat intelligence, there are still a number of concerns about how the information is obtained; that it’s not timely, for example, or that it’s too complicated to ensure speed and ease of use. Much of this dissatisfaction may be due to the way in which the data is actually sourced.

While two fifths of companies consolidate their threat intelligence data from a number of different sources, most engage in informal peer-to-peer exchange of threat intelligence, rather than taking a more formal approach, such as using a threat intelligence exchange service or joining a consortium. What’s more, a similar number reported using manual methods to consolidate their data, often due to a lack of qualified staff.

Regardless of the approach used, however, around three in five respondents claimed not to trust the sources of intelligence they used. It’s not surprising, therefore, that companies will often use fee-based threat intelligence because they think it’s better quality, that it’s more effective in stopping security incidents, and because they don’t have confidence in free sources.

Trust is an issue when it comes to giving as well as receiving. While around three quarters of organisations provide threat intelligence in addition to using data from other sources, around half claim that the potential liability of sharing means they would only partially participate in a threat intelligence exchange programme. It's for this reason, perhaps, that organisations prefer sharing with a neutral party or a trusted intermediary rather than sharing with organisations directly, indicating the need for a trusted, neutral exchange platform.

Automation and efficiencies

In the form of indicators such as suspicious hostnames, IP addresses and file hashes, threat intelligence will typically be disseminated internally through alerts. However, security personnel in around two thirds of organisations are spending more than 50 hours a week responding to these alerts, when their time could be better spent proactively hunting for signs of criminal activity.

Currently, only half of the companies surveyed use automated solutions to investigate threats, with just one in five claiming to use advanced technology such as AI and machine learning. Interestingly, the use of slow manual sharing processes was also cited by over a third of businesses as a reason for not participating in the exchange of threat intelligence information.

The most important objective of an organisation's threat intelligence activities is to quickly detect attacks and improve incident response. For the intelligence to be actionable, it needs to be received in a timely manner, with the threats it contains immediately prioritised. However, as shown above, a large number of organisations are not satisfied with the timeliness of the intelligence, believing that it becomes stale within a matter of minutes.

With so many inefficient manual processes in place both in compiling and responding to threat intelligence, it’s clearly time for businesses to embrace more automation or, at the very least, consider a hybrid approach.

Taking measurements

A threat intelligence provider is only ever as good as the information it provides, of course. Just over two fifths of businesses will use their threat intelligence programme to define and rank levels of risk of not being able to prevent or mitigate threats, using indicators based on uncertainty about the intelligence's accuracy and an overall decline in the quality of the provider's services. A similar number will evaluate the quality of a threat intelligence provider and the information it delivers based on its ability to prioritise threat intelligence and deliver it in a timely manner. A similar number again will evaluate the threat intelligence itself using a risk score based on factors including whether it is actionable, confidence in its source, and the veracity of the threat indicator and the indicator type.

More than anything, the survey reveals a real need for actionable, timely and effective threat intelligence sharing. What’s more, many respondents to the survey said their organisations are using threat intelligence in a non-security platform, such as DNS, indicating that we’re now seeing a blurring of lines between what are considered security tools and what are considered pure networking tools. Securing today’s networks means using threat intelligence for defence-in-depth, plugging all gaps, and covering all products.

