October 02, 2018
Cyber threat intelligence: The cyber defender’s most valuable weapon
By: Josh Ray

Not all threat intelligence is created equal. This is a fact that many organizations, businesses and government institutions learn the hard way. There is a distinct difference between threat data and threat intelligence. Many vendors in the threat intelligence market today simply aggregate open-source feeds and then drop the aggregated data into a collection and access portal, calling it “threat intelligence.” Threat intelligence analysis is a process. Done properly, it hews to a well-honed and defined tradecraft that can only be mastered with experience and dedication to defending networks from cyber criminals, hackers, hacktivists and nation-state-sponsored actors.

Cyber defenders do not have the time to sift through false positives. They are fighting a war that started a few decades ago and continues to grow in intensity. Cyber defense personnel need to be armed with true threat intelligence to defend their networks and ensure the success of their mission. True threat intelligence is threat data that has been evaluated by a human being. iDefense threat analysts are experts in their respective fields and have deep knowledge of cyber threat intelligence techniques. They have access to deep dark web forums and communication channels. They are able to look for the adversary, his tools, his tactics, his procedures, his motives, his goals, who he works for and where he is working from. Cyber defenders need access to correlated threat intelligence that showcases relationships of past attacks and modus operandi for the threat actors they are fighting. Only with this intelligence are they able to proactively protect the mission and build intelligence-driven countermeasures.

The Accenture iDefense threat intelligence team regularly produces in-depth country and regional intelligence reports and current, relevant threat feeds, and provides access to subject matter experts across vulnerability, malcode, and global cyber security teams to help security teams:

  • Understand the global implications of emerging and existing threats as they evolve
  • Proactively protect their organization from the threats that matter the most
  • Prioritize their threat mitigation strategy—and optimize internal resource allocation decisions
  • Make efficient decisions to support fruitful incident response and fraud response strategies/actions

There are three types of Cyber Threat Intelligence that the iDefense Threat Intelligence team provides to support organizations in defending their networks. The graphic below explains the intelligence types, who uses the intelligence and why it is valuable.

The three types of Cyber Threat Intelligence, what questions they answer, who uses the intelligence and the value it provides to organizations.

Threat Intelligence can accelerate security operations in various stages of the cyber defense cycle. The cycle prepares for threats, predicts and detects breaches, and responds to and recovers from incidents via security capabilities informed by threat intelligence.

The Cyber Threat Intelligence Cycle prepares organizations for threats, helps them predict & detect breaches, and helps them to respond to or recover from incidents.

Businesses, agencies and other types of organizations have an increasing need to do more with less. On top of that, they need to change their security operations and cyber defense models quickly to adhere to new policy-driven requirements and ever-changing cyberattack methods. To protect their mission or their business, they need to stay ahead of the ever-evolving threat landscape. The only way to do this is to have a deep and broad understanding of threat actors, threat groups, nation-state actors and hacktivist groups in the moment, and as they evolve over time.

Defending against cyberattacks with aging technologies and shrinking budgets makes it critical to stay on top of the most relevant threats and make the right resource-allocation decisions. Security practitioners and cyber defenders rely on Accenture iDefense Security Intelligence Services to provide around-the-clock access to relevant and actionable cyber intelligence to support decision makers with threat awareness, vulnerability management and incident management expertise.

iDefense threat intelligence is a crucial piece of the cyber defense puzzle for any business, organization or agency, to thwart even the most nefarious threats, no matter how hard the threat actor executes or how quickly he pivots to new attack methods.
