FEATURE


cybersecurityeurope PAGE 34


CHARTS


at industry conferences can be


valuable sources when it comes to piecing together knowledge of cyber adversarial events. Within this context TI can provide additional value to c-suite: it provides a thought intersection that brings together technological considerations with known facts about the threats to be counteracted against. TI also helps to remove any delusion of randomness that has befuddled cyber defensive strategies beset by malicious actors without identity and with motivation missing. TI helps to explain who is behind attacks and why they attack. TI helps senior executives to ‘cut


through the noise and focus on the threats that are most likely to have a major impact on their enterprise,’ says a briefi ng from FireEye (‘Threat Intelligence Use Case Series’, 2019). TI reports also provide information on threat actors targeting specifi c industries, geographies and enterprise sectors, as well as on their tactics, techniques and procedures (TTPs). ‘TI can help CISOs and senior IT


offi cers improve communication with non-technical top executives,’ FireEye adds, ‘in terms of risks and threats to the business and the fi nancial and political goals of threat actors.’


The 2020 SANS Cyber Threat Intelligence Survey (sponsored


by EclecticIQ) defi nes TI as ‘analysed information about the capabilities, opportunities and intent of adversaries that meets a specifi c requirement determined by a stakeholder’. Organisations employing ongoing TI programmes focus on understanding the threats they face and the generation of specifi c factual analysis that informs threat defence – what steps must be taken in response to known threats. TI is perforce a highly complex undertaking. It relies on a combination of people, processes and tools to both generate,


At its most successful, the value of Threat Intelligence extends to sharp-end business owners further down the corporate hierarchy.


consume, and act on the intelligence. At a time when industry analysts expect process automation to take over from human intervention in many enterprise cyber security operations, TI retains a steadfast reliance on human brainpower. People generally conduct the analysis that will lead to fi nished intelligence; they also decide what tools and processes to use to support their eff orts. As the SANS survey points out, a single human analyst can be successful with the right tools and support from other security teams; however, SANS has seen an increase in the percentage of respondents choosing to have a dedicated team responsible for an entire TI program. Data processing plays integral part in TI programmes. It includes


repeatable tasks such as deduplication of data, data enrichment and data standardisation, along with other more intensive tasks that require more analysis of their own (e.g., reverse engineering malware). Most respondent organisations to the SANS survey say that processing is either a manual or semi-automated process. Deduplication is the most commonly automated process: only 27% of organisations report deduplication of data via manual means.


CLICK OR TOUCH ICON


CLICK OR TOUCH ICON


CLICK OR TOUCH ICON


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60  |  Page 61  |  Page 62