Analytics // Threat Intelligence
6/3/2013
07:16 AM
Dark Reading
Dark Reading
Quick Hits
Connect Directly
RSS
E-Mail
50%
50%

Strengthening Enterprise Defenses With Threat Intelligence

By integrating security monitoring with threat intelligence, organizations can build a smarter defense

[The following is excerpted from "Strengthening Enterprise Defenses With Threat Intelligence," a new report published this week on Dark Reading's Security Monitoring Tech Center.]

Threat intelligence is emerging as a topic of both interest and debate within the infosec community. The fact that there's interest probably isn't hard to understand in light of the growing volume of security related information organizations receive.

For the average security practitioner, information about threats arrives in a nearly constant stream via a hodgepodge of formats and channels -- emails from vendors, bulletins from a variety of sources, word of mouth from colleagues, news updates from the industry press and so on. The information supplied via these various updates covers a number of disparate topics, from specific vulnerability information to attacker tools and techniques to information about who's been attacked most recently.

Given this barrage, anything that promises to assist in navigating this information -- and making it more actionable -- is going to be of interest.

However, there's also some debate. While some industry pros view threat intelligence as a critical component of their security program, others think it's just another industry fad with comparatively little value.

Advocates of threat intelligence say that only by understanding the motives, methods and actions of attackers can we effectively defend against them; skeptics say security is all aboutthe fundamentals, and that anything that distracts from those fundamentals is noise.

Who's right? Both camps are. As with most things, value is subjective and mileage will vary from organization to organization. This is based in large part on organization-specific factors, including how it defines threat intelligence, the data the organization evaluates, the maturity of the shop in question and the use cases for the data.

Chief among the value considerations is integration with existing data and processes -- meaning, the value threat intelligence will or won't have depends on the degree to which it's integrated into other security-related processes and data.

Data that is reconciled with internal information and used directly to support existing processes is likely to be useful. Data that is siloed among a closed community (or that's "shunted" to places where operational staff can't make use of it) won't be useful.

As threat intelligence data proliferates and becomes more useful, some vendors are beginning to tie that data more closely to their internal security monitoring, which is often doen through security information and event monitoring (SIEM) systems. Security vendor Vigilant, for example, has created a set of tools that integrate SIEM with more than 40 different sources of threat intelligence, enabling enterprises to view both the external threat and its potential impact on internal security posture.

In terms of tactical integration, the goal isn't to replace other controls. Recall that most security organizations have already invested (in some cases heavily) in internally focused security capabilities and protection mechanisms. The goal is to funnel threat intelligence to these tools in order for them to function more effectively.

To read more about how organizations can tie threat intelligence to their internal security systems -- particularly security monitoring tools -- download the free report.

Have a comment on this story? Please click "Add a Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-4594
Published: 2014-10-25
The Payment for Webform module 7.x-1.x before 7.x-1.5 for Drupal does not restrict access by anonymous users, which allows remote anonymous users to use the payment of other anonymous users when submitting a form that requires payment.

CVE-2014-0476
Published: 2014-10-25
The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option.

CVE-2014-1927
Published: 2014-10-25
The shell_quote function in python-gnupg 0.3.5 does not properly quote strings, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "$(" command-substitution sequences, a different vulnerability than CVE-2014-1928....

CVE-2014-1928
Published: 2014-10-25
The shell_quote function in python-gnupg 0.3.5 does not properly escape characters, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "\" (backslash) characters to form multi-command sequences, a different vulner...

CVE-2014-1929
Published: 2014-10-25
python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to have an unspecified impact via vectors related to "option injection through positional arguments." NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.