Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

7/13/2018
10:30 AM
Tom Badders
Tom Badders
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

How to Structure an Enterprise-Wide Threat Intelligence Strategy

To keep an organization safe, you must think about the entire IT ecosystem.

The ever-expanding range and diversity of cyber threats make it difficult for organizations to prioritize their offensive and defensive strategies against attackers. From malware, ransomware, and other attacks coming from the outside, to insider threats and system vulnerabilities from within, today's expanded attack surfaces cut across the whole enterprise landscape — and that means an enterprise's threat intelligence strategy must address the entire IT ecosystem.

To be effective, threat intelligence must be proactive, comprehensive, and done in a way that doesn't inadvertently create more risk. Unfortunately, as a recent Ponemon survey illustrates, most organizations fall short of this goal — tripped up by a range of challenges, including a lack of expertise and overwhelming volumes of data. Improved threat intelligence comes from improving the strategy, techniques, and tools employed by enterprises to probe their networks for weakness and shore up defenses and resiliency.

A "Dirty Internet" of Threats and Vulnerabilities
The digital universe is vast, but it's also "dirty" in the sense of data seeping across perimeters and network boundaries. This "digital exhaust" — evidence of visits, searches, purchases, and other behaviors that users leave behind on the Internet — is growing quickly and is grist for hackers looking to penetrate systems and databases.

Unfortunately, one of the most valuable forms of digital exhaust comes as a by-product of poorly designed threat intelligence. Too often, threat intelligence involves tools and processes that, while designed to monitor the perimeter and internal systems for threats, unwittingly leave behind artifacts of that troubleshooting activity that malicious actors can ultimately use against the organization. 

This "fly on the wall" process of observation could even uncover specifics about who is conducting the threat intelligence and what devices they're using. Adding to the challenge, today's threat actors are sophisticated enough that firewalls, VPNs, proxy servers, and other traditional secure access solutions are too weak to stop them.

What's needed is a new approach to operating on the Internet that makes use of managed attribution techniques, including data obfuscation, identity and location masking, and multiple levels of encryption and authentication to reduce and virtually eliminate the attack surface. In other words, an ideal threat intelligence strategy would not only protect data from breaches but also protect data in the event of a breach. Both goals can be achieved.

Anonymity and Managed Attribution
Anonymity is an important component. This is where technology is used to conceal your identity, location, and details about the device you are using as you conduct threat intelligence. Managed attribution takes things a step further, not only hiding your identity and location, but actually making it appear as if you are someone else operating from somewhere else — a soccer parent in Manitoba, say, instead of a systems analyst in Arlington, Virginia.

Further, organizations need to manage both the technical and personal side of user identities. Technical attribution might involve a virtual desktop that's clean and separate from the data on an actual device; there are even systems that frequently and randomly swap IP addresses at the point of presence. Personal attribution, meanwhile, involves multiple profiles that can be swapped out as quickly and easily as signing in and out of the platform. Suddenly, the soccer parent in Manitoba becomes a street merchant in Madrid. 

Securing Data for a Secure Future
Ultimately, the entire network architecture should be cloaked from the view of threat actors looking to seize access and advantage. This involves obfuscating network operations through a cloud of encryption and IP hopping capabilities that mask user and organizational data through a series of complex pathways, directory nodes, and networking hops that scramble the meaning and context around data and its users.

While the attack surface can't be eliminated entirely, obfuscation can turn that surface into a meaningless or unappealing target to potential threat actors. It's even possible to obfuscate entire pieces of infrastructure — email systems, application servers, and storage facilities — and this can all be designed and implemented in the cloud.

The innovation around threat intelligence is constant, and for good reason. It's not just that organizations need to protect assets today; they also need to be prepared (as much as possible) for tomorrow's unknown and unknowable threats. Effective threat intelligence can also help organizations meet regulations such as the EU's General Data Protection Regulation as well as existing standards that require them to employ technical and organizational measures that ensure an appropriate level of security.

For all these reasons, improved threat intelligence can and should be a priority for any organization or government agency. The right strategies, tools, and partners can lead to a higher level of security that keeps both cyber-threat teams and organizational data safe and secure from evolving and ever-growing cyber threats.

Related Content:

Learn from the industry's most knowledgeable CISOs and IT security experts in a setting that is conducive to interaction and conversation. Register before July 27 and save $700! Click for more info

Tom Badders is the Senior Product Manager for Secure Mobility Products and Services at Telos Corporation, a leading provider of continuous security solutions and services for the world's most security-conscious agencies and organizations. Leveraging over 40 years of ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Mobile Banking Malware Up 50% in First Half of 2019
Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
Active Directory Needs an Update: Here's Why
Raz Rafaeli, CEO and Co-Founder at Secret Double Octopus,  1/16/2020
Google Lets iPhone Users Turn Device into Security Key
Kelly Sheridan, Staff Editor, Dark Reading,  1/15/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
How Enterprises are Attacking the Cybersecurity Problem
How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-3595
PUBLISHED: 2020-01-22
Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! through 1.7.0 in index.php in the search word, extension, asset, and author parameters.
CVE-2011-3610
PUBLISHED: 2020-01-22
A Cross-site Scripting (XSS) vulnerability exists in the Serendipity freetag plugin before 3.30 in the tagcloud parameter to plugins/serendipity_event_freetag/tagcloud.swf.
CVE-2019-18583
PUBLISHED: 2020-01-22
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none.
CVE-2019-18584
PUBLISHED: 2020-01-22
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none.
CVE-2019-18585
PUBLISHED: 2020-01-22
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none.