
Using Threat Intelligence to Protect Against Disruption to your Business

March 6, 2020 Posted by neTrench Team

One of the most critical components of cyber security is threat intelligence. Looking at the big picture, threat intelligence analysis gives us crucial, aggregated information, which allows for proactive rather than reactive decision making. Let's briefly look at how we can use threat intelligence to our advantage.

Breaking Down Threat Intelligence:

  1. Tactical Threat Intelligence: This involves the specific actions taken to defend the network against malicious actors attempting to penetrate it.
  2. Operational Threat Intelligence: This is a bridge between the strategic and tactical levels of operations. An organization's operating environment is assessed to identify warnings and indicators of potential cyber attacks.
  3. Strategic Cyber Intelligence: It is important to involve senior leadership to determine objectives and guidance and to bring them up to date on known threats. This is based on the security stance already in place, so that threats can be assessed conclusively.

In a nutshell, senior management and business leaders should be provided with strategic cyber threat intelligence analysis that is timely, accurate and actionable, so that they can develop the right cybersecurity policies. Having business leaders on board makes it possible to fund new projects, tools and training, along with staff where required, to proactively mitigate threats.

Information – Gather and Correlate
One of the responsibilities of a threat intelligence analyst is to gather and correlate data. This information can be gathered from a variety of sources including:

  1. Forensics
  2. Alerts
  3. Logs
  4. Feeds
  5. Configs
  6. Dark Web

We can then combine these sources to track, target and prevent attacks. We can see how this works in the Threat Intelligence Lifecycle.
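As an added illustration (not part of the original post), the sketch below combines three of the sources listed above: a feed of indicators, connection logs and alerts. All data is constructed, and the function names, log layout and confidence threshold are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample data (documentation IP ranges and example domains only).
FEED = [  # "Feeds": (indicator as published, confidence 0-100)
    ("198.51.100[.]7", 90),
    ("hxxp://bad.example[.]net/login", 60),
    ("203.0.113.5", 30),
]
LOGS = [  # "Logs": timestamp, internal host, destination
    "2020-03-01T10:00:02Z ws-014 198.51.100.7",
    "2020-03-01T10:00:09Z ws-014 198.51.100.70",  # near miss, must not match
    "2020-03-01T10:02:41Z ws-022 bad.example.net",
    "2020-03-01T10:05:13Z srv-003 203.0.113.5",
    "malformed line",
]
ALERTS = [("ws-014", "Suspicious PowerShell")]  # "Alerts": (host, rule)

def normalize(indicator):
    """Refang a feed entry and reduce a URL to its host so it compares to log fields."""
    value = indicator.strip().lower().replace("[.]", ".").replace("hxxp", "http")
    return re.sub(r"^https?://", "", value).split("/")[0]

def correlate(feed, logs, alerts, min_confidence=50):
    """Return {host: {"indicators": set, "alerts": list, "priority": str}}."""
    wanted = {normalize(i) for i, conf in feed if conf >= min_confidence}
    alerted = defaultdict(list)
    for host, rule in alerts:
        alerted[host].append(rule)
    hits = defaultdict(set)
    for line in logs:
        fields = line.split()
        if len(fields) != 3:
            continue  # skip lines that do not parse instead of guessing
        _, host, dst = fields
        if dst.lower() in wanted:  # exact field match, not a substring search
            hits[host].add(dst.lower())
    findings = {}
    for host, indicators in hits.items():
        # A log hit corroborated by an alert on the same host outranks a log hit alone.
        priority = "high" if alerted[host] else "medium"
        findings[host] = {"indicators": indicators, "alerts": alerted[host],
                          "priority": priority}
    return findings

if __name__ == "__main__":
    for host, f in sorted(correlate(FEED, LOGS, ALERTS).items()):
        print(host, f["priority"], sorted(f["indicators"]), f["alerts"])
```

The low-confidence feed entry is filtered out before matching, so a single weak indicator does not generate work for the analyst unless the threshold is lowered.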

How does Threat Intelligence add value?

  1. Identify: It identifies top threats the organization faces.
  2. Research: Understand the method of attack for each threat.
  3. Decision Tree: Develop assumptions on most likely primary and secondary attacks.
  4. Cover the Gaps: Map to existing organizational weaknesses to develop defenses to mitigate threats.

The threat intelligence analyst has to make sure that business leaders understand the technical as well as the business risks and impact involved, in addition to the plans and strategies that are in place to reduce those risks. It is also important to communicate with leadership so that they invest in the right technologies.

Planning:
Once all the information is gathered, a plan needs to be created to identify the areas in which to invest resources. We have to base our plan on the authenticity of the threats along with how often they are likely to occur. Furthermore, the plan should include investing in skills (people), plans (process) and tools (technology). Then we need to monitor and track these investments as they are implemented. They need to be aligned with the business objectives of the organization.

Determining the Weakest Links:
There are several ways to determine the weaknesses within the network, including penetration testing, vulnerability scans, red teaming and tabletop/walkthrough drills. The data gathered empowers leaders to focus on the most important priorities first. This allows the company to have proactive detection, deterrence and remediation of threats. As a result, the organization is more agile. This also increases trust and confidence among suppliers, consumers and investors.

Cyberthreat Intelligence Frameworks:
A cyberthreat intelligence framework focuses attention on the proper areas to ensure follow-up, removal and reduction of future threats. Some of the most widely used cyberthreat intelligence frameworks are:

  1. The Cyber Kill Chain
  2. CREST Framework
  3. Diamond Model
  4. NICE Framework
  5. MITRE ATT&CK

The cyber threat intelligence landscape is changing by the minute. We have several tactics, techniques and procedures at our disposal to identify and deter/stop attacks from taking place. This also allows businesses to be proactive in their overall approach to prevent future cyber attacks.