Threat Intelligence (TI) and the use of data to detect security threats have rapidly become a sought-after solution for enterprises looking to secure their businesses. Something that was earlier common to government and defense organizations is now effectively being used to secure enterprises.
Gartner defines Threat Intelligence as “evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard.”
Threat Intelligence solutions generally provide a detailed analysis and actionable reports based on the data and information obtained from an understanding of network structure, operations, operators and activities. They use a combination of techniques including behavioral analytics, cohort analytics, machine learning, big data and other algorithms to identify threats from both internal and external actors.
A good threat intelligence solution can provide immediate security information related to a business’s network ecosystem. These solutions prioritize vulnerabilities and predict threats, enabling security teams to take action rapidly. An equally important aspect of effective threat intelligence is the ability to filter out false positives and surface threats quickly. This becomes especially important for detecting insider threats. Amongst the hundreds of unusual activities detected on the network, taking timely action depends on quickly and easily differentiating the legitimate activities from the ones that pose a risk. Equally important is the solution’s ability to predict and detect threats that have not been found earlier. Apart from detecting threats based on signatures or rules of already detected threats, the solution should be capable of predicting anomalies and abnormal behaviors.
So does access to timely, accurate and actionable cyber threat intelligence make a difference in blocking or preventing external attacks? According to a survey by the Ponemon Institute, 67% of respondents indicated that the use of threat intelligence outweighs the costs associated with it and found 35 instances of threats that went undetected in the absence of an intelligent system.
There are several solutions available and the choice is not easy. A careful evaluation of how the solution will adapt to one’s business ecosystem and provide effective prediction and redressal will be key to selecting the best solution.