There are multiple ways to receive threat intelligence. Most people first think of tactical threat intelligence, such as feeds of bad IP addresses. However, to truly be threat intelligence, those feeds need to be inspected by humans.
“You can’t really have just an automated process that’s kicking out bad IP addresses – that’s just a security feed … you want known tactical intelligence on bad locations,” said Nuspire’s CTO, Matt Corney.
The use of threat intelligence can help lessen your organization’s attack surface.
“Ultimately, all threat intelligence is going to be timely, accurate, actionable and relevant. It really allows you to understand the campaign and the threat actors – the bad guys – that are involved in that advanced threat scenario against you,” said Corney.
It’s important to understand your industry, what affects you and your organization, and who is after you and your data.
“On the tactical side of things we can block IPs outbound from our network that might be escaping the command and control centers. We can utilize it within our SIEM technology to identify connections that are to known bad locations and identify compromised systems within our networks,” said Corney.
It’s also important to understand the difference between a feed or an indicator and tactical intelligence. Corney explained that you want to try to marry up lots of data points across lots of sources.
“Then, on top of that, bring that through a human system … partially just humans reviewing the data, algorithms that are being written, to understand all of that data and then rank it into a process that helps you understand the quality side of that … then apply the highest quality portions of that data into your active security profiles while you monitor the back side,” said Corney.
There are many aspects to consider in the cyber threat intelligence process, but it is an important capability to use within your infrastructure, whether as part of your SIEM technology or as part of an active response in your gateway and firewall technology.
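The ranking process described above (correlate indicators across sources, add human review, enforce only the highest-quality tier and monitor the rest) can be illustrated with an added example; this is not Nuspire's code. The feed names, scoring weights, thresholds and sample IP addresses (documentation ranges) are all constructed assumptions.

```python
from datetime import date

# Constructed sample data: documentation-range IPs and hypothetical feed names.
# Weights and thresholds below are illustrative assumptions, not a standard.
TODAY = date(2024, 6, 1)
FEEDS = {  # feed name -> {indicator: last seen}
    "feed_a": {"203.0.113.10": date(2024, 5, 30), "198.51.100.7": date(2024, 1, 2)},
    "feed_b": {"203.0.113.10": date(2024, 5, 28), "192.0.2.44": date(2024, 5, 31)},
    "feed_c": {"203.0.113.10": date(2024, 5, 31), "198.51.100.99": date(2024, 5, 29)},
}
# Human review layer: analyst verdicts reinforce or veto the automated ranking.
ANALYST = {"192.0.2.44": "confirmed", "198.51.100.99": "false_positive"}
# Outbound connections (internal host, destination) as a SIEM would see them.
OUTBOUND = [
    ("10.0.0.5", "203.0.113.10"), ("10.0.0.8", "198.51.100.7"),
    ("10.0.0.9", "198.51.100.99"), ("10.0.0.5", "192.0.2.200"),
]

def score(ip):
    """Rank an indicator 0-100 from source agreement, freshness and review."""
    sightings = [feed[ip] for feed in FEEDS.values() if ip in feed]
    verdict = ANALYST.get(ip)
    if not sightings or verdict == "false_positive":
        return 0
    agreement = 20 * min(len(sightings), 3)          # up to 60 points
    age_days = (TODAY - max(sightings)).days
    freshness = max(0, 40 * (90 - age_days) // 90)   # 40 points, gone by 90 days
    total = agreement + freshness
    return max(total, 90) if verdict == "confirmed" else total

def build_tiers(block_at=80, monitor_at=15):
    """Split indicators: highest quality is enforced, the rest is only watched."""
    ranked = {ip: score(ip) for feed in FEEDS.values() for ip in feed}
    block = {ip for ip, s in ranked.items() if s >= block_at}
    monitor = {ip for ip, s in ranked.items() if monitor_at <= s < block_at}
    return block, monitor

def triage(connections):
    """Return (host, destination, action) for connections that hit either tier."""
    block, monitor = build_tiers()
    hits = []
    for host, dst in connections:
        if dst in block:
            hits.append((host, dst, "block+investigate"))
        elif dst in monitor:
            hits.append((host, dst, "alert"))
    return hits

if __name__ == "__main__":
    for hit in triage(OUTBOUND):
        print(hit)
```

The stale single-source indicator only raises an alert, while the analyst-vetoed one is dropped entirely, so a false positive in one feed never reaches the firewall block list.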
To learn more about cyber threat intelligence and how to better protect your network, view Nuspire’s webinar here: https://www.youtube.com/watch?v=aDgNqt_xpVs.