Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

1/5/2017
02:30 PM
Terry Sweeney
Terry Sweeney
Slideshows
Connect Directly
Facebook
Twitter
RSS
E-Mail

7 Ways To Fine-Tune Your Threat Intelligence Model

The nature of security threats is too dynamic for set-and-forget. Here are some ways to shake off that complacency.
2 of 8

Threat Intel's Brass Tacks

Ask your threat intel service providers anything... and everything. 
'Everyone should tell you how they gather and collate data,' says Dave Dufour, senior director of security architecture for Webroot Inc. 'Do they have a historical record, how do they [compile] it, do they pull the curtain back? These are all things you should ask, he adds. A blacklist of malicious IP address updated once a day may be enough for most organizations; if it's not, ask for more. 


Watch out for biases and marketing ploys masquerading as data, warns John Pironti, president of consultancy IP Architects. 'Sometimes you'll see a bias towards cause or hypothesis,' Pironti adds, as vendors and researchers try to support a specific point-of-view or 'pre-determined destiny.' That's an opening to ask more questions and press vendors to justify the data and conclusion.

Image Source: Wikimedia Commons, courtesy of Phase 4 Films

Threat Intel's Brass Tacks

Ask your threat intel service providers anything and everything.
"Everyone should tell you how they gather and collate data," says Dave Dufour, senior director of security architecture for Webroot Inc. "Do they have a historical record, how do they [compile] it, do they pull the curtain back? These are all things you should ask, he adds. A blacklist of malicious IP address updated once a day may be enough for most organizations; if it's not, ask for more.

Watch out for biases and marketing ploys masquerading as data, warns John Pironti, president of consultancy IP Architects. "Sometimes you'll see a bias towards cause or hypothesis," Pironti adds, as vendors and researchers try to support a specific point-of-view or "pre-determined destiny." That's an opening to ask more questions and press vendors to justify the data and conclusion.

Image Source: Wikimedia Commons, courtesy of Phase 4 Films

2 of 8
Comment  | 
Print  | 
Comments
Threaded  |  Newest First  |  Oldest First
michaelfillin
50%
50%
michaelfillin,
User Rank: Apprentice
1/5/2017 | 4:37:49 PM
$5.8 billion
$5.8 billion, really ? Can't trust that
RetiredUser
50%
50%
RetiredUser,
User Rank: Ninja
1/5/2017 | 11:04:41 PM
Re: $5.8 billion
Michael, I think that makes sense if you look at the breakdown.  Keep in mind that this is a wide-ranging examination and as we in the tech world know, costs are in every nook and cranny.

The scope of the report looks at the whole threat intelligence security market and covers all the solutions below:
  • Security Information And Event Management (SIEM)
  • Log Management
  • Identity and Access Management (IAM)
  • Security and Vulnerability Management (SVM)
  • Risk Management
  • Incident Forensics

That's already quite a bit of annual $$ right there per solution.  Then the service breakdown below is also considered. 
  • Managed Services
    • Advance Threat Monitoring
    • Security Intelligence Feeds
  • Professional Services
    • Consulting Services
    • Training and Support

Considering the projection covers SMBs and Large Enterprises, all the major verticals and the North America, European, Asia-Pacific, Middle East & Africa, and Latin America markets, I actually wonder if the $$ assessment won't be found wanting by that time.

I understand your intitial doubt, but I work for a company that just spent about $25M on technology over the last couple years, not including budget for Security to secure that tech.  That's one major company in one major vertical in Tech.

I think the numbers are starting to look pretty solid with the scope in mind, and knowing the threat activity that is out there now and what we've seen in the past. 
cemal.dikmen
50%
50%
cemal.dikmen,
User Rank: Author
1/15/2017 | 8:11:20 AM
Question
lack of suitable technologies (525%). Did you mean 52%???
SOC 2s & Third-Party Assessments: How to Prevent Them from Being Used in a Data Breach Lawsuit
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC,  12/5/2019
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "This is the last time we hire Game of Thrones Security"
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0242
PUBLISHED: 2019-12-09
mod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header which is generated from memory that may have been freed and then overwritten by a separate thread.
CVE-2015-3424
PUBLISHED: 2019-12-09
SQL injection vulnerability in Accentis Content Resource Management System before the October 2015 patch allows remote attackers to execute arbitrary SQL commands via the SIDX parameter.
CVE-2015-3425
PUBLISHED: 2019-12-09
Cross-site scripting (XSS) vulnerability in Accentis Content Resource Management System before October 2015 patch allows remote attackers to inject arbitrary web script or HTML via the ctl00$cph_content$_uig_formState parameter.
CVE-2015-7892
PUBLISHED: 2019-12-09
Stack-based buffer overflow in the m2m1shot_compat_ioctl32 function in the Samsung m2m1shot driver framework, as used in Samsung S6 Edge, allows local users to have unspecified impact via a large data.buf_out.num_planes value in an ioctl call.
CVE-2015-0841
PUBLISHED: 2019-12-09
Off-by-one error in the readBuf function in listener.cpp in libcapsinetwork and monopd before 0.9.8, allows remote attackers to cause a denial of service (crash) via a long line.