Threat Intelligence to Elevate Your Security Defenses
Threat Intelligence to Elevate Your Security Defenses
The risk of cyber attacks is pervasive and no organization is immune. From data breaches to ransomware attacks, the cost of these security breaches can be devastating both financially and in terms of reputational damage. It’s no longer a question of if your organization will be targeted but rather when (which is a sad state of affairs for an industry which has $160B of spend, but that is a topic for another blog). This concern is echoed by leaders across the globe. As per World Economic Forum, Global Cybersecurity Outlook 2023, “The character of cyber threats has changed. Respondents now believe that cyber attackers are more likely to focus on business disruption and reputational damage. These are the top two concerns among respondents.”
Therefore, having effective security defenses is essential for every business. One of the most effective ways to enhance your security defenses is by utilizing threat intelligence. In this blog post, we will explore what threat intelligence is, its benefits, and how it can be used to elevate your security defenses.
Let’s start with defining Threat Intelligence
Threat intelligence is data collected and indexed from sources including dark web, open web, technical, customer telemetry etc., that has been organized, analyzed and delivered to understand the threat landscape including threat actors, the malicious infrastructure they are building, their tactics, behaviors and targets. Threat Intelligence gives the same external view of gaps and weaknesses that an attacker sees and may want to exploit. Threat intelligence enables organizations to make faster and effective data-driven security decisions and shift from being reactive to proactive in defending their critical assets from attackers.
Benefits of Threat Intelligence
Threat intelligence provides numerous benefits to organizations. One of the most significant benefits is that it helps you stay informed about evolving threats. By understanding the common attack patterns, you can proactively adapt your security posture to mitigate future attacks. It also provides situational awareness to security teams that can reduce response time and improve incident management. By leveraging threat intelligence, organizations can focus their resources on the most critical risks, thus enhancing the effectiveness of their security defenses.
Threat Intelligence is the lighthouse in the sea of today’s uncertain and evolving threat landscape.
How to Use Threat Intelligence to Elevate Your Security Defenses
Utilizing threat intelligence for your security defenses is a multi-phase process. It involves collecting relevant data, analyzing the information to detect patterns and trends, and then integrating the insights to create a proactive security framework. To begin with, an organization needs to first understand their attack surface, what they look like from the outside looking in, and what areas attackers might exploit. This is an important first step because according to CSO Today, “only 9% of organizations believe they actively monitor 100% of their attack surface. The highest percentage (29%) say they actively monitor between 75% and 89% of the attack surface while many monitor even less.”
Once the security team understands the attack surface, they need to also understand the external threat landscape, what are the threats that can actually harm them. This is no easy feat as the global cyber threat landscape continues to expand, in 2022 there were 38% more cyberattacks compared to the prior year, according to Security Magazine. However, threat intelligence can help shed light on the threat landscape by collecting signals, trends, and indicators on threat actors and attacks as they talk about and conduct them. To make the most out of the threat intelligence the security team should identify the primary data sources that are most applicable to the organization and the threat landscape itself. Once the data is identified and collected, it can be shared across the security ecosystem including directly in SIEM and SOAR tools for analysis and faster response. This analysis allows security teams to identify trends and patterns and update existing security protocols and measures.
Threat Intelligence and Continuous Improvement
Ultimately, as cyber threats continue to evolve and become more sophisticated, threat intelligence is continually learning, adapting, and evolving to maintain its effectiveness. Staying ahead of the curve requires that organizations continuously refine and improve their threat intelligence and security defenses. Being able to detect threats earlier also saves significant resources and money, according to the IBM Cost of a Data Breach 2022 report, “organizations that detected and contained a breach in less than 100 days saved an average of $1.2 million compared to those taking longer.” With continuous improvement, organizations can stay proactive in their threat mitigation approach and remain prepared to face the next attack.
With threat intelligence, organizations can elevate their security defenses significantly. By leveraging a proactive plan that utilizes the insights and patterns revealed by the information gathered, businesses can make informed decisions about how to bolster their security posture, reduce risk, and respond quickly to incidents. The key is not to wait for an attack to happen but to stay ahead of potential threats by utilizing threat intelligence. After all, effective security is the responsibility of everyone in the organization, and we must all work together to ensure that our defenses are continuously improving to reduce the risk of cyber attacks.
How a Client Uses Threat Intelligence to Elevate Their Defenses
We sat down with Recorded Future client Alex Arango, Head of Cyber Threat Management at Mercury Financial, to talk about how he’s using Recorded Future to elevate his company’s defenses with threat intelligence. With 4 years at Mercury Financial and 14 years experience in the industry, Arango is leading his team and his company in an intelligence-led approach to security. Arango’s team helps the organization identify new methodologies, monitor threats, and secure themselves against threats. Arango’s team is composed of security operations and security assurance functions.
Q: When and why did you start using Recorded Future? What drove the need for Recorded Future at Mercury Financial?
A: “It was really important for us to understand what was going on in the threat landscape, so we identified a need for a threat intelligence program. We wanted to know which threat actors we should care about, their techniques and procedures, and also what our third-party threat landscape looked like.
Recorded Future met all of those needs by giving us that tailored, full service package where we could get an understanding of all of our needs - understanding what our partners are doing and the threats to them, what the vulnerability landscape looks like, what events geopolitically may be impacting us, and more.
We started using Recorded Future in 2020, and ever since then, it’s been very valuable.”
Q: How long did it take to start seeing results with Recorded Future’s threat intelligence?
A: “We saw results instantly. The first thing we were alerted to was brand impersonation. With the Brand Intelligence Module, we are alerted when an actor is using our company’s likeness, or even our executive’s likeness on social media, and prioritize response to that. We are also able to monitor for infrastructure impersonation, for example if a site or application was impersonating ours. It’s very important to us to be able to understand the scope and driver for the threat actor, allowing us to provide attribution, and respond to these issues and take them down within a reasonable amount of time.
Recorded Future allowed us to understand trends in our industry and partners, and prioritize where we should spend our efforts. I've seen teams get overwhelmed with intelligence and not have the analytical team to go through it all in a reasonable amount of time. Recorded Future helps us combat that issue, and gives us the ability to proactively move our security posture around and prioritize intelligence events or different intelligence collections.”
Q: What benefits have you seen using Recorded Future’s threat intelligence?
A: “We like that Recorded Future gives us a historical look at trends. This data helps us analyze or make recommendations, based on what Recorded Future has seen in the past. Recorded Future also gives us insight into what attackers are doing, what they are saying, and where they are targeting. This helps us build a picture of our risk levels and how we can better bolster our security posture in the future.
Recorded Future allows us to make informed decisions. For example, when we assess a vendor, we can go into Recorded Future's platform and quickly turn around an assessment of what that vendor's historical security posture has been and what it looks like now. In addition, we are able to have a real-time assessment of key third-parties and technologies we are using to assess if they could be susceptible to vulnerabilities. We are also able to collaborate with our partners to alert them of exposed vulnerabilities and understand their action plans to address it. We have built a robust process where we feel confident about the security posture of the critical third-parties our organization engages with.
Recorded Future provides holistic threat intelligence in a digestible way that meets the needs of our various stakeholders. I can easily take summaries from Recorded Future AI Insights and build well-written summaries for our executive stakeholders.”
Q: What impact has Recorded Future’s threat intelligence had on your organization’s security posture?
A: “Recorded Future is the cornerstone of our threat intelligence program. It’s allowed us to take a proactive approach to security and make informed decisions. If I had to get rid of Recorded Future and build out my own threat research capability myself, I’d probably need 2-4x the personnel headcount on my team, and I don’t even think I’d get close to having a finished intelligence product that you provide.
With Recorded Future, we can paint an eloquent risk picture that gives leadership and organizational stakeholders a holistic view of our threat landscape and security posture and enables them to make confident decisions.
Because Recorded Future's data is finished, we can quickly use it. We work with many intelligence providers, but the biggest difference is that other data needs to be shaped or finished - it's not ready to be acted upon. But Recorded Future's data is finished and ready to be acted upon.”
Q: How does using threat intelligence from Recorded Future set you apart from other financial services companies in the industry?
A: “With Recorded Future, we get a full picture of our threat landscape. We can track our industry-specific attacks like payment fraud, but we can also zoom out and look at geopolitical risks, state actors' techniques, and ransomware trends. With Recorded Future, we can learn about new threat actors, their techniques, and targets.
Having a complete view of threats within our environment, across our industry, and externally across the globe is critical to being proactive. Recorded Future is your Minority Report, telling you when the next attack will happen and enabling you and your leadership to proactively mitigate it.”
Q: What would you say to others in the financial services industry who are considering threat intelligence from Recorded Future?
A: “For other leaders in financial services who are looking at Recorded Future, I’d say you’re going to be partnering with an organization that has a large amount of intelligence experience. Intelligence impacts us all - it’s not just useful for critical infrastructure industries.
We’re going through a security professional shortage nowadays, and the question is, how do we become better? How do we become faster? Do you have the right partner in your corner? Recorded Future can help elevate your security defenses with an intelligence-led approach.
Ultimately as security leaders, we want to be able to sleep at night knowing our intelligence program is strong and ready to report up metrics, show us trends, and be ready for the worst, all the while maintaining customer trust. Recorded Future supports us in all of those efforts.”