Contextual Threat Intelligence Paints a Picture Worth a Thousand Words

September 19, 2019 • The Recorded Future Team

Enterprises are investing heavily in cybersecurity, but are they effectively evolving security measures from a reactive, tactical approach to a more proactive, strategic approach?

This blog examines how security teams can solve this challenge by using threat intelligence to paint a picture of the security risks faced by various business units and technology systems within the enterprise. This picture helps prioritize and communicate information on the risks with the greatest potential for harm. This in turn helps educate and guide executives toward an allocation of budget and resources necessary for the security team to fully protect the digital assets of the enterprise.

As reported in Forbes, protecting enterprise systems against cyber threats is a well-funded, highly analyzed process at many organizations. Worldwide spending on cybersecurity is estimated by Gartner at $124 billion for 2019, up nearly 9% from last year. The key question is, where is all that money going: toward tactical measures, or strategic initiatives? Evolving your IT security program from a merely tactical approach to one where you also proactively apply strategy is mandatory in today’s cybercriminal environment. Solid tactics extinguish fires — but an advanced strategy prevents them.

Combine Threat Intelligence With Internal Tools for Maximum Visibility

Alerts coming from SIEM solutions, firewall logs, and other internal security tools certainly have their place in IT threat-response programs. The data they consume and regurgitate gives security teams the basic insights they need to identify and mitigate many of the cyberattacks they face.

But to get to the point where the team can perform at a more strategic level, all of this tactical data needs to be combined with external threat intelligence. The two data types can then be contextualized in relation to pre-identified IT risks.

With context, the security team can “paint a picture” of security threats as they relate to their organization’s IT risks. This enables everyone across the enterprise to truly understand where the greatest dangers are when new threats emerge, based on the digital assets at risk and their role in day-to-day business operations.

Prioritize Security Measures for Each Environment and Asset

Contextualized threat intelligence combined with security analytics also facilitates long-term planning and budget allocations for new security measures that must be deployed to sufficiently protect digital assets. Using a combination of external threat intelligence and internal IT risk assessments, security teams can measure, for example, the vulnerability ratings of each component within various business and technical groupings:

  • Business units or lines of business
  • Business functions like human resources, marketing, sales, production, customer service, and finance
  • Operating systems like Windows, Linux, Apple, and Android
  • Databases and data types
  • Device types, such as servers, desktops, laptops, printers, and smartphones

By determining the risk level of each asset within each grouping and assigning it a business-critical value, security teams can create a picture that helps determine where to focus strategic efforts.

Threat Intelligence Streamlines Strategic Planning

A threat intelligence platform pays off when formulating security strategy because it automates the ingestion and compilation of data from internal security tools and external threat intelligence. It also enables security teams to consider factors beyond the technical characteristics of threats when calculating vulnerability risk scores. These factors include external data about criminal adoption, patterns in exploit sharing, the number of links to malware, and the approaches other companies are taking to block and mitigate threats.

This information often comes from sources that are difficult to access, like forums on the dark web. The approach also takes security teams beyond simply looking at security defenses from the inside. They can see the source of threats — certain regions of the world, nation-states, a specific threat actor group, or even competitors.

Communicating Security Risks Clearly to Executives

By presenting the information generated by contextualized threat intelligence in non-technical terms — getting away from the tactical rows of log entries and SIEM alerts — threat intelligence platforms also help security teams communicate effectively with business executives. Clear communication is critical: only when executives understand the IT risks will they commit the budgets and resources needed to implement solutions that strengthen security posture.

With a clear understanding of risk, executives will also support the security team in communicating the importance of improved IT security across the enterprise. This too is vital, because in today’s cybercriminal environment, IT security needs to be something everyone is committed to — not only for protecting internal digital assets, but also for protecting the digital assets of customers, vendors, and partner organizations.
