How TIAA Uses Threat Intelligence to Enhance Security Awareness
September 8, 2016 • Amanda McKeon
Security awareness and strategic threat intelligence are mandatory elements of any organization’s ability to ward off cyber events. The threat landscape can appear vast and unwieldy, putting additional barriers in the way of creating a successful threat intelligence program.
During a recent webinar, Joe Walbert and Mike Kirk, senior information security analysts with TIAA, explained how they and their team use Recorded Future as part of a holistic threat intelligence program to promote security awareness while giving the organization the tools to proactively, effectively, and efficiently identify threats.
TIAA is the leading provider of financial services in the academic, research, medical, cultural, and government fields, with $854 billion in assets under management.
Enhancing Security Awareness
Walbert began the webinar by explaining that threat intelligence teams can assist security teams with awareness campaigns by providing information about threats that resonate with multiple audiences inside the organization, both technical and non-technical. He said that sharing relevant security stories with cyber contacts at TIAA pays large dividends.
External reference monitoring, he continued, helps them identify information that might pose a threat to the business. Technical indicators, sensitive information such as leaked passwords or usernames, and reference publish times can all be analyzed and correlated within Recorded Future to alert on potentially impactful future threat actor activity.
Kirk next shared how, through Recorded Future, organizations can monitor external references from social media, news stories, forums, etc. related to domains.
This search returned a rather large pool of results, but Kirk continued to demonstrate how Recorded Future provides the ability to further refine results. The number of references for a given URL then begins to bubble certain stories to the top of the list, helping threat analysts focus on what really matters to the organization. These “relevant contextual news stories,” said Walbert, “whether they’re technical or non-technical, will promote security awareness and let your organization’s employees get a sense of the threats and trends within a global context.”
Bringing Imminent Threats to the Forefront
The pair then demonstrated the Recorded Future API and how TIAA uses it to automate the application of threat intelligence. Using the API, analysts will “begin to see patterns emerge that may be included in strategic planning efforts.”
Kirk also reviewed an approach to identifying all new vulnerability events reported within a given time period. The ability to focus in on a specific timeframe can offer up a clearer picture to threat analysts, and help them warn the organization about imminent threats.
Again, showing a query in Recorded Future, Kirk selected an event against a vulnerability and identified CVE to search within a source set for the NVD. This provided an authoritative list of vulnerabilities published within a certain period which could be exported and used to develop a threat framework and tracking mechanism for all related CVEs that a threat analyst could review, process, and rate.
Additionally, Walbert showed Recorded Future’s alerting feature, which helps with “a programmatic approach” for vulnerability intelligence.
Turning Data Into Threat Intelligence
Kirk and Walbert wrapped up with a demonstration of how TIAA uses the Recorded Future Intel Cards and partner integrations to cross-correlate events and find additional situational awareness and context for threat indicators.
The key, said the analysts, is to understand how an organization can operationalize and integrate threat information “to work smoother, faster, better, smarter, etc.” They continued to say that, by integrating with the Intel Cards and applying different available data sets, an organization’s analyst or incident responder is “better armed.”
To learn more about how Recorded Future is helping TIAA with situational and security awareness, watch the full presentation.