Partner Perspectives  Connecting marketers to our tech communities.
4/14/2015
04:10 PM
Emilio Iasiello
Emilio Iasiello
Partner Perspectives
Connect Directly
Twitter
RSS
50%
50%

Threat Intelligence Is a Two-Way Street

Intelligence analysis should be looked upon as less of a service and more of a partnership.

In the wake of public breaches of large enterprises, organizations are quickly realizing the need to develop cybersecurity strategies that include developing or acquiring technical and analytical solutions to support network defenders and decision makers alike. As a result, there has been a noticeable boon in the global cybersecurity industry, which is expected to grow to $155.7 billion by 2019, according to a report from Cybersecurity Ventures, a world market research organization.

One capability being offered by many of these cybersecurity companies is cyberthreat intelligence, which usually encompasses a fusion of technical and threat analysis. Vendors promote their analytic capabilities to deliver accurate, timely threat information in order to provide advanced warning or decision-making advantage to their customers.

However, one challenge that all private security companies have in this space is getting the proper guidance and information from customers, which could be used to improve and focus analysis. An intelligence production cycle will typically have these components, though some organizations may have an added or subtracted step:

  • Setting requirements
  • Gathering data
  • Interpreting gathered data
  • Analyzing and reporting
  • Disseminating final product

During the setting-requirements phase is when a customer will engage with an intelligence unit to identify and determine the issues that need to be covered and shape any intelligence requirements that need to be addressed. Granted, there are those occasions when customers may not know exactly what they want or don’t know how to communicate it via their intelligence requirements. At these times, it is incumbent upon intelligence analysts to help educate and inform customers about the potential pitfalls that may result if requirements are not more advantageously scoped.

This is a critical stage of the process because if questions are not properly scoped and prioritized, collection strategies will be impacted, and the finished intelligence product may not be responsive or may be too vague to be useful. Time invested up front in setting prioritized focused requirements will prevent this from happening.

This is particularly important with cyber-intelligence because organizations can provide information unique to their particular environment and receive indicators and intelligence that help shape their cybersecurity postures. Indeed, Carnegie Mellon’s Software Engineering Institute (SEI) echoes this sentiment in a January 2013 report reviewing how private companies conduct cyber-intelligence. SEI’s key findings cited scoping the cyber-environment to an organization’s mission as one of its recommended best practices for the cyber-intelligence industry.

Ultimately, intelligence analysis should be looked upon as less of a service and more of a partnership whose success relies on the full commitment and engagement of both intelligence producer and intelligence consumer. Organizations that adopt the intelligence cycle into their business practices will find that the more they provide to the process, the more they will receive. Sharing pertinent data such as technical data collected from hostile activity transpiring against networks, and providing advanced notice of business activities, will help focus analytic efforts on the most pertinent cyberthreats against the enterprise. In turn, this information can contribute to the larger community via threat indicators, thereby strengthening the greater collective’s cybersecurity efforts. 

Emilio Iasiello has more than 12 years' experience as a strategic cyber intelligence analyst, supporting US government civilian and military intelligence organizations, as well as the private sector. He has delivered cyber threat presentations to domestic and international ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
13 Russians Indicted for Massive Operation to Sway US Election
Kelly Sheridan, Associate Editor, Dark Reading,  2/16/2018
Facebook Aims to Make Security More Social
Kelly Sheridan, Associate Editor, Dark Reading,  2/20/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
Fidelis Cybersecurity provides organizations with a robust, comprehensive portfolio of products, services, and expertise to combat today's sophisticated advanced threats and prevent data breaches. Our commercial enterprise and government customers around the globe can face advanced threats with confidence through use of our Network Defense and Forensics Services – delivered by an elite team of security professionals with decades of hands-on experience – and our award-winning Fidelis XPS™ Advanced Threat Defense Products, which provide visibility and control over the entire threat life cycle.
Featured Writers
White Papers
Video
Cartoon Contest
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.