Building Threat Intel Security
Starting a threat intel program
A new year is upon us, along with new opportunities to step up the security game. Predictions cover the gamut of possibilities for the year ahead, and accordingly most security practitioners have adopted the principle of expecting the unexpected. Ranking high in most predictions for the year, advanced threats present a unique challenge. Whether the vector is the desktop, malware, phishing, spam, or any of a variety of other threat types, malicious incidents can only continue to rise in every category.
With so much on the line, a company's intelligence, livelihood, and reputation are in the crosshairs of malicious actors. That is one reason threat intelligence has become such an integral component of the security team's toolkit. In this game of cat and mouse, offense is sometimes the best defense: that means putting together a hunt program that looks for threats and gathers information ahead of incidents. To be clear, we are talking about threat intelligence, which matches security personnel with the tools they need to discover new threats, profile risks, and act upon them accordingly.
Security teams use threat intelligence, which is proactive and iterative in nature, to detect and isolate advanced threats, especially those that naturally fall outside the reach of standard security solutions.
Getting the Whole Threat Picture
Subscription-based, third-party, and open source information make up a solid foundation of threat data for an emerging threat intelligence program. But that is only one resource in a wide-angle, multi-dimensional matrix. A threat intelligence program's design incorporates valuable contextual information that is critical in evaluating security incidents. For example:
- Information about the type of threat;
- Statistical information across systems, applications, and networks;
- Logged information from operating systems, applications, accounts, and networking;
- Threat initiation information, duration, and cessation;
- Location information;
- Available source information.
Why Specific Information is Better
As is the case with many things surrounding technology, tempting shortcuts to establishing a threat intelligence security program abound. As previously stated, third-party threat intelligence feeds are one such shortcut to starting a program, but they are only a beginning.
The reason is that external parties and open-source systems simply offer a reference point, with little to no context about an organization's specific constructs, assets, applications, and issues. It should be painfully obvious, but every environment is different: in systems procurement, industry type, systems architecture, vulnerabilities, team capabilities, and more.
Today's attacks are far too micro-targeted against their potential victims for a generalized protection approach to work. Relevant information cannot come purely from an outside source, because its scale is both too large and too non-specific to rely on alone.
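The contextual fields listed under "Getting the Whole Threat Picture", and the point just made that an external feed on its own lacks organizational context, can be shown by joining a feed with internal logs and an asset inventory. This is an added example, not code from this article or from Threat Intelligence Platform; the feed entries, asset inventory, hostnames, log lines and field names are all constructed and hypothetical.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample data, not from any real feed or environment.
# External feed (indicator -> threat type, source): a reference point with no
# knowledge of our assets. Asset inventory: host -> site. Log lines: constructed.
FEED = {"203.0.113.7": ("c2", "vendor-feed"),
        "198.51.100.9": ("phishing", "open-source-list"),
        "192.0.2.55": ("scanner", "vendor-feed")}
ASSETS = {"ws-042": "berlin-office", "db-01": "dc-east"}
LOGS = """\
2024-01-08T09:02:11 ws-042 203.0.113.7 allow
2024-01-08T09:15:40 ws-042 203.0.113.7 allow
2024-01-08T11:47:03 db-01 203.0.113.7 allow
2024-01-09T08:30:00 ws-042 198.51.100.9 deny
"""

def parse_logs(text):
    """Yield (timestamp, host, dest_ip, action) from 'ts host dest action' lines."""
    for line in text.splitlines():
        if line.strip():
            ts, host, dest, action = line.split()
            yield datetime.fromisoformat(ts), host, dest, action

def build_threat_picture(feed, assets, log_text):
    """Join feed indicators with internal logs and asset data into the contextual
    fields the article lists (type, source, first/last seen, duration, hit count,
    hosts, locations). Indicators never seen internally keep a zero hit count."""
    hits = defaultdict(list)
    for ts, host, dest, action in parse_logs(log_text):
        if dest in feed:
            hits[dest].append((ts, host, action))
    picture = {}
    for ioc, (kind, source) in feed.items():
        events = sorted(hits.get(ioc, []))
        hosts = sorted({h for _, h, _ in events})
        first = events[0][0] if events else None
        last = events[-1][0] if events else None
        picture[ioc] = {
            "type": kind, "source": source, "hits": len(events),
            "first_seen": first, "last_seen": last,
            "duration_hours": (last - first).total_seconds() / 3600 if events else 0.0,
            "allowed": sum(1 for _, _, a in events if a == "allow"),
            "hosts": hosts, "locations": sorted({assets[h] for h in hosts if h in assets}),
        }
    return picture

def prioritized(picture):
    """Indicators ranked by internal evidence: allowed hits first, then total hits."""
    return sorted(picture, key=lambda i: (picture[i]["allowed"], picture[i]["hits"]), reverse=True)
```

The feed alone rates all three indicators equally; only the join with internal logs and assets shows that one of them was reached from two sites, one was blocked, and one was never seen at all.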
Threat Intelligence Platform
Security programs benefit from active research tools, such as those that Threat Intelligence Platform provides. At any stage of an attack, whether pre-emptive, ongoing, or post-mortem, security teams use Threat Intelligence Platform to discover information about potential attacks, isolate anomalous behavior and suspicious activity, and identify attack types by referencing information sourced throughout the enterprise.
Threat Intelligence Platform helps teams find potential and actionable threat information, prevent spam, protect against password attacks, act on network probes, and more. By analyzing factors such as IP reputation, TOR nodes, anonymous proxy detection, domain and DNS history, date information, network source information, and more, Threat Intelligence Platform provides a valuable tool that should be part of every threat intelligence program in the new year.
The Threat Intelligence Platform is a system that embraces the community aspect of enhanced security while enabling the individual organization to gather and research its own specialized scenarios and events, cast against its security baseline. We recommend a free trial for organizations of all types.