How St. Jude Medical Uses Threat Intelligence in Its SOC

June 23, 2016 • Amanda McKeon

Key Takeaways

With the support of Recorded Future, St. Jude Medical experienced:

  • 63 percent reduction in exploit kit traffic delivered via malvertising into the network.
  • 28 times better detection of botnet traffic.
  • 50 percent savings in analyst time for malicious IOC investigation.

St. Jude Medical is saving lives across the world with breakthrough technologies that transform the treatment of some of the world’s most expensive epidemic diseases.

Due to the sensitive nature of its work, its large number of employees, the valuable IP it possesses, and its extensive ecosystem of third-party vendors, the company uses threat intelligence to enhance its overall security.

Russ Staiger, Lead Analyst with St. Jude’s Cyber Threat Action Center (CTAC), recently presented a webinar with Recorded Future on how his team uses Recorded Future in its security operations center (SOC) to detect, correlate, analyze, and prioritize emerging threats and indicators of compromise (IOCs).

Previously, St. Jude’s firewall bot detections required an average of 168 unique sources per daily report. Today, with Recorded Future’s real-time threat intelligence integrated with its Splunk security information and event management (SIEM), the organization needs only an average of six sources per day to accomplish a similar result.

Additionally, detections of exploit kit traffic dropped from an average of 27 per day to an average of less than 10 per day. Staiger says that they now have fewer machine rebuilds and analyst time is freed up to focus on bigger-picture threats and preventative measures. With the support of Recorded Future, the organization experienced:

  • 63 percent reduction in exploit kit traffic delivered via malvertising into the network.
  • 28 times better detection of botnet traffic.
  • 50 percent savings in analyst time for malicious IOC investigation.

Staiger suggested that other organizations consider how attackers operate today if they want to reduce their threat profile. Attacker networks are true business operations: they employ skilled people who follow sophisticated processes and use technologies to achieve their objectives. As such, companies need to consider the who, what, and how, as well as the potential attack surfaces, when gathering threat intelligence. Recorded Future provides this context for his team.

With Recorded Future, St. Jude’s SOC team is able to:

  • Investigate suspicious firewall traffic reports.
  • Determine the nature of undescribed or unknown traffic.
  • Ascertain greater effect of hosting policies for blocking.
  • Establish interlinked content delivery network exposures.

Recorded Future’s Cyber Dashboard, which Staiger considers his “landing page,” provides a quick temperature check to see what’s boiling to the surface of the cyber world. This includes pertinent information such as:

  • Predominant types of exploits in the wild.
  • What other companies are experiencing.
  • Who has been targeted in recent attacks.

Drilling down, Recorded Future Intel Cards are “powerful and can give you a view of the risk of an IP address, URL, or CIDR block range,” Staiger says.

Figure: The top part of a Recorded Future Intel Card.

Staiger presented use cases of Recorded Future, focusing on Enrichment Services for hashes, domains, and IP addresses/ranges. Since the Recorded Future app “marries into Splunk’s enterprise security app,” St. Jude’s SOC gains valuable context, can pivot through information, is able to quickly see correlations and references, and — perhaps most importantly — aligns all of the external data with internal threat intelligence to form a complete picture of emerging threats and IOCs.
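One way to implement the firewall-log enrichment and prioritization described here and in the earlier passage on reducing unique sources per daily report, as an added example that is not St. Jude’s or Recorded Future’s code. The feed entries, risk scores, log format and the `lookup`/`enrich` helpers are constructed assumptions; the lookup generalizes IP, CIDR and domain matching to a single highest-risk match per event.

```python
import ipaddress
from collections import defaultdict

# Constructed threat-intelligence feed (hypothetical values, not real IOCs), each with a risk score.
INTEL_FEED = [
    {"indicator": "203.0.113.45", "type": "ip", "risk": 92, "context": "botnet C2"},
    {"indicator": "198.51.100.0/24", "type": "cidr", "risk": 71, "context": "exploit kit hosting"},
    {"indicator": "bad-ads.example", "type": "domain", "risk": 88, "context": "malvertising redirector"},
]

# Constructed firewall log lines in a simple key=value format (hypothetical).
FIREWALL_LOGS = """\
ts=2016-06-01T08:00:01Z src=10.0.0.5 dst=203.0.113.45 dport=443 action=allow
ts=2016-06-01T08:00:02Z src=10.0.0.7 dst=198.51.100.20 dport=80 action=allow host=bad-ads.example
ts=2016-06-01T08:00:03Z src=10.0.0.9 dst=192.0.2.10 dport=443 action=allow
ts=2016-06-01T08:01:00Z src=10.0.0.5 dst=203.0.113.45 dport=443 action=allow
"""

def parse_line(line):
    return dict(kv.split("=", 1) for kv in line.split())

def lookup(feed, ip, host=None):
    """Return the highest-risk feed entry matching an IP, a CIDR containing it, or a hostname."""
    best = None
    addr = ipaddress.ip_address(ip)
    for entry in feed:
        hit = False
        if entry["type"] == "ip" and addr == ipaddress.ip_address(entry["indicator"]):
            hit = True
        elif entry["type"] == "cidr" and addr in ipaddress.ip_network(entry["indicator"]):
            hit = True
        elif entry["type"] == "domain" and host == entry["indicator"]:
            hit = True
        if hit and (best is None or entry["risk"] > best["risk"]):
            best = entry
    return best

def enrich(logs, feed, min_risk=65):
    """Keep events matching the feed at or above min_risk, grouped by destination so each
    unique source is investigated once; highest risk first for analyst prioritization."""
    grouped = defaultdict(lambda: {"hits": 0, "risk": 0, "context": ""})
    for line in logs.splitlines():
        ev = parse_line(line)
        match = lookup(feed, ev["dst"], ev.get("host"))
        if match and match["risk"] >= min_risk:
            g = grouped[ev["dst"]]
            g["hits"] += 1
            g["risk"] = max(g["risk"], match["risk"])
            g["context"] = match["context"]
    return sorted(grouped.items(), key=lambda kv: kv[1]["risk"], reverse=True)
```

Four raw events collapse into two prioritized sources; the unmatched destination is dropped from the report entirely.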

When describing Recorded Future’s threat intelligence analyzed from the open, deep, and dark web, Russ Staiger said, “Recorded Future is an extremely well curated collection of some of the hardest to reach, as well as publicly available, sources all brought together to tell one story. It’s a magical moment in technology. They’re leaders in terms of having this much to draw from and having this much power.”

Learn more about Recorded Future for SOC teams, and view the on-demand webinar to hear how St. Jude Medical’s CTAC is improving its threat intelligence program with Recorded Future.
