So Many Threats, So Little Time: How to Prioritize & Visualize Threats to Your Organization

Posted: 28th July 2022
By: Chad Knipschild

There Are Too Many Threats to Track All of Them

Figuring out which threats matter, and what specific impact they could have on your organization, is hard. New vulnerabilities, new threat actors, and new malware variants are inevitably discovered every day. While it’s easy to get lost in the sea of threats, it’s important to remember that not all threats can, or will, cause harm to your organization. So how can you assess what is most important to you? You have to be diligent to ensure the threats critical to you do not slip through the cracks.

Security leaders and their analysts face the challenge of trying to keep up. With the sheer volume of possible threats out there, it's easy to get bogged down and consumed by the process of tracking each and every one of them. The underlying problem is that it's daunting to try to decide which threats are the most pressing and deserve the most attention. It's difficult to filter through the noise when, as is often the case, the process and data are fragmented. This makes it harder not only to prioritize threats, but also to make sure your team does not miss relevant ones.

What is the specific threat landscape for your organization, and how can you be more efficient and effective at managing the threats that matter most?

The term "threat prioritization" is common in the security industry, but it's incredibly broad. To define a process that will help your team become more efficient and effective at managing threats that matter, we need to break down what a "threat" really is. In simple terms, a threat is the combination of intent, capability, and opportunity to cause damage or harm to an entity.

A Threat Is an Adversary's Intent and Capability

To build out a plan to identify threat actors that matter to your organization, we first need to describe intent: a malicious actor’s desire to target your organization. Discovering adversaries' intent helps analysts and decision-makers understand why a threat actor wants to cause harm. It defines a threat actor’s goal and allows you to build a case to determine how they should be considered and prioritized.

However, knowing the intent of an actor does not provide the full scope of the threat. The adversary's capabilities, or Tactics, Techniques, and Procedures (TTPs), must also be taken into consideration to accurately assess how dangerous a threat actor is, and what they might do to your organization if left unchecked. Mapping out TTPs on MITRE ATT&CK charts gives leaders and analysts insight into how a threat actor may target an organization. This is important, but more analysis is still required to assess the possible impacts specific to your organization.

The capabilities of a threat actor need to be overlaid with the vulnerabilities in your technology stack and in your third parties' technology stacks. By doing this, you can identify the potential opportunities a threat actor could use to cause damage to your organization and begin to understand your threat landscape. Put simply, if there is no opportunity, there is no threat.

For example, cybercriminals recently developed attack methods that exploit a zero-day vulnerability called Follina in Microsoft Office software. Due to the widespread use of Microsoft products, it is important to know about the Follina vulnerability. Even if your company does not use Microsoft products, you will need to confirm that your third-party vendors have patched the vulnerability or do not use the affected products. Once you have done this, there is no longer an opportunity for a threat actor to harm your organization with Follina attack methods, and thus it should no longer be a concern for you and your team.

Combine Intent & Opportunity (Capability and Vulnerabilities) to Prioritize Threats That Matter

Threat actors with less intent, diminished capabilities, and reduced opportunities generally have a lower probability of launching an attack on your company. Focus on those in the higher range, which is where most of your team's time and effort should be spent preparing and mitigating. This enables analysts to tackle threats specific to them, and also supports leaders in making decisions with proactive threat management to reduce risk.
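The overlay and ranking described above can be sketched in a few lines of Python. This is an added example, not Recorded Future's scoring or code from the original post: the actor names, products, vulnerability labels other than Follina, and the 0 to 1 intent and capability values are constructed, and multiplying the three factors is an assumption chosen so that zero opportunity yields zero threat.

```python
from dataclasses import dataclass

@dataclass
class Actor:
    name: str
    intent: float        # 0..1, analyst-assessed desire to target us (constructed)
    capability: float    # 0..1, analyst-assessed maturity of TTPs (constructed)
    exploits: frozenset  # vulnerabilities the actor is known to use

@dataclass
class Asset:
    owner: str           # "internal" or a third-party vendor
    product: str
    unpatched: frozenset # vulnerabilities still open on this asset

def opportunity(actor, assets):
    """Share of the actor's known exploits that match an open vulnerability
    in our stack or a third party's, plus the matching evidence."""
    if not actor.exploits:
        return 0.0, []
    hits = sorted({(a.owner, a.product, v)
                   for a in assets for v in a.unpatched & actor.exploits})
    usable = {v for _, _, v in hits}
    return len(usable) / len(actor.exploits), hits

def prioritize(actors, assets):
    """Rank by intent * capability * opportunity (assumed model), keeping
    the evidence so the score stays explainable."""
    rows = []
    for actor in actors:
        opp, evidence = opportunity(actor, assets)
        score = round(actor.intent * actor.capability * opp, 3)
        rows.append((score, actor.name, evidence))
    return sorted(rows, key=lambda r: (-r[0], r[1]))

# Constructed sample data: internal Office is patched, one vendor is not.
ACTORS = [
    Actor("ACTOR-A", 0.9, 0.8, frozenset({"Follina", "VULN-X"})),
    Actor("ACTOR-B", 0.9, 0.9, frozenset({"VULN-Y"})),
    Actor("ACTOR-C", 0.4, 0.5, frozenset({"Follina"})),
]
ASSETS = [
    Asset("internal", "office-suite", frozenset()),
    Asset("vendor-1", "office-suite", frozenset({"Follina"})),
    Asset("internal", "vpn-gateway", frozenset({"VULN-X"})),
]

if __name__ == "__main__":
    for score, name, evidence in prioritize(ACTORS, ASSETS):
        print(f"{score:5.2f}  {name}  {evidence}")
```

ACTOR-B has the highest intent and capability but ranks last because nothing it exploits is open anywhere in the stack, while the unpatched vendor keeps the Follina-only ACTOR-C on the list even though the internal Office install is patched.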

In concept, this is simple; however, manually working through the prioritization process is very time-consuming and requires significant resources, which is not efficient. It's hard to build a process that isn't just a reaction to the latest threats. This is especially true when the threat landscape is always changing. In order to make this effective and stay ahead of threats, you need tools that automatically curate real-time intelligence to get the job done.

Identifying and Prioritizing Threat Actors with Visualizations

Threat teams need an automated way to assess risks and threats that are specific to their environments and industry. To get around the difficulties of conducting threat prioritization manually, teams should turn to automation, especially solutions that use machine learning and natural language processing to filter down to the relevant threats.

This is where Recorded Future can help, using our Intelligence Graph to automatically curate intelligence in real time. Recorded Future's new visualization goes further: it maps your threat landscape and automatically identifies and prioritizes the threats that are relevant to your organization.

With a transparent scoring mechanism, you can see the intent, capability, and opportunity, along with all of the evidence relating threat actors to your tech stack, supply chain, peers, industry, and more.

By providing leaders with intelligence and evidence on how the landscape is changing, our threat map also allows analysts to analyze trends over time. This helps answer questions like: how did my threat landscape change from yesterday, last week, last month, or even over the prior year? Or why should I be more concerned about a specific threat actor over another?

Whether you're a decision-maker or an analyst, there are ways to filter through the noise. Recorded Future can provide the information you need to identify and prioritize threats to your organization efficiently and effectively.

If you're interested in learning how Recorded Future can help you prioritize and track the constantly evolving threats that matter most to your organization, reach out and schedule a demo with us today.