Security professionals are often inundated with information. They have to sort through and distill it to come up with intelligence that will assist them in combating cyber security threats. Sieving through the wave of data is challenging enough. Turning that intelligence into something useful for their organisations is even tougher.
Security incidents seem commonplace these days. News of companies suffering a hacking attack, new vulnerabilities and compromised databases surfaces every day, and vendors come out with technical information on how the threats and vulnerabilities work. It's hard to keep up with the dynamic cyber security landscape as threats evolve at an alarming rate. This makes the job of security professionals extremely difficult, as they are tasked with gathering intelligence from the flood of information in a bid to protect their organisations from security threats.
So how can the available information be processed and turned into actionable intelligence? The key is to ensure that you set goals for the data you obtain. Not all information is created equal, and you will have to carefully filter the information that you encounter.
There are specific elements that should be considered when looking at whether the information you have at hand can help in your organisation's quest to fight against the latest cybersecurity threats, according to Palo Alto Networks chief security officer of EMEA Greg Day. Here are some questions you should ask when you receive security intelligence to assess how useful it can be to your organisation:
- How timely is the intelligence? Cyberattacks have become more bespoke and have shorter lifespans, so getting actionable and contextual intelligence on the newest threats is critical.
- Is it actionable? Intelligence is useless to organisations if it doesn’t contain information on what to do if you encounter a specific threat.
- Is it machine readable?
According to Day:
Where attacks are constrained by only CPU power and network speed, providing intelligence that requires human inspection is inserting an analogue process into a digital problem. If we cannot directly apply actions at a technology level, without requiring human involvement to proxy the information, we add unsustainable lag into the process.
Having intelligence that can help with automating threat responses will help organisations prepare for potential attacks.
- How reliable is the intelligence? A no-brainer, especially when you're using automated systems to mitigate threats.
From a risk management perspective, this means being able to identify relevant, current, high-risk threats that require context. Likewise, doing the reverse lookup on indicators requires context to be able to qualify what the attack is and does.
Having the right security intelligence can contribute to an organisation's ability to protect itself against as many threats as possible, to identify high-risk attacks that could affect the business and to respond effectively when it is hit with an attack, according to Day. It is in the best interests of security teams within a company to understand how to process the wealth of information they encounter to produce useful intelligence for the business.