May 10, 2019 • Levi Gundert
As financial institutions increase spending on cyber intelligence operations, members of security leadership must be more articulate in justifying the value of their investments.
Banking and financial services institutions (BFSIs) have some of the largest cyber threat intelligence teams of any industry, and these resources are continually being built out. I’ve had conversations with many BFSI CISOs (chief information security officers) about this, and the common refrain is that threat intelligence skills are becoming increasingly important to them — not just for enhancing cybersecurity capabilities, but also to meet the demands for specialized support in various aspects of daily operations.
Because intelligence work is often a silo function within cybersecurity, technology C-suite executives will find it a challenge to assess their cyber threat teams or the work that they do, simply because there’s no commonly accepted means of evaluation, including KPIs for processes and workflows. Without a better measure of success to outcome, the true value of these security hires can be hard to determine.
Recorded Future’s contextualized threat intelligence can help banks and financial firms to bridge this gap by directly enhancing cybersecurity capabilities with an immediate expansion of resources, as well as making security information more consumable for daily operations via the off-label use of threat intelligence.
The open web, the dark web, and technical databases contain an incredible amount of data — much more than what is humanly possible to process. With the right tools, intelligence teams can be empowered to tap into this endless resource for more. Recorded Future’s approach embraces the data challenge by collecting and analyzing the voluminous structured and unstructured data with machines, which are continuously processing that data to increase the quality of telemetry alerts that can be analyzed daily. That’s analysis of information from numerous sources around the world, and in 30 languages, if necessary, to help banks identify adversary tools, tactics, and procedures (TTPs) that are not yet publicly known.
Freeing security teams from the daily grind of contextualizing data and providing them with more global information and sources is highly empowering, allowing them to act on security control changes with greater speed and clarity.
While having more data is generally a good thing, the opposite is true if there aren’t enough resources to process and contextualize it. Information regurgitation is now becoming a common problem in BFSI cybersecurity reports. Without fresh inputs to generate real insights, a threat intelligence team may write reports that no one reads, and/or there may be a lack of associated operational outcomes to improve security. That’s a terrible waste of resources.
We turn this industry problem around by providing security professionals with access to an unrivaled breadth of information globally and by mapping to standardized frameworks, like Mitre ATT&CK. This is made possible by technology that automatically and continuously harvests and combines data to conveniently deliver customized, contextualized analytics for the entire security organization, in real time and on demand.
Another way to raise the value of intelligence reporting is to improve the presentation layer. Security teams must present data comprehensively and holistically so that it can be consumed by its intended audience. This unique information must also be consistently supplied so that internal teams learn to identify the content as being complementary to the work that they do, and not as an overlap with current workflows. Recorded Future helps threat intelligence teams avoid operating in a silo with programmatic solutions that integrate with existing team orchestration and automation (SOAR) workflows to ensure the frictionless combination of internal network and host based observables with external intelligence.
Our in-platform Intelligence Cards, for example, are the pinnacle of what we can do. They unify thousands of data points into a single view so that every search not only unveils results according to customized filters, but also collates other associated insights. By providing relevant data to fill gaps in intelligence reporting, we allow security professionals to articulate intelligence of greater value to their audiences more quickly.
The true measure of value for security analysts is speed. Here is where Recorded Future can help them shine — by putting the global view of emerging threats at their fingertips, in real time. Our platform constantly collects and aggregates data for instantaneous categorization and summarization on a very broad and very complex ontology, spanning threat actors, malware families, indicators of compromise or attack, company software vulnerabilities, vendor or supplier exposures, and more. This is to ensure fast and convenient user access from different searches, alerts, and monitoring dashboards. It also enables Intelligence Cards to be rapidly populated with contextualized data to present holistic, relevant information for easier consumption.
Making this happen involves a lot of technology, but it’s technology that Recorded Future has invested in so that the banks don’t have to. We are similar to the financial Bloomberg terminal for intelligence on cyber risks. BFSI enterprises can simply tap into our platform and our expertise to gain more insights of greater value, far more quickly than anything they would be able to gain themselves.
For more information about how Recorded Future can help organizations better understand and prevent threats, request a personalized demo today.