Is cyberthreat intelligence becoming increasingly important in the battle against cybercrime?
By Ali Sleiman, Technical Director MEA, Infoblox
Threat intelligence is analysed information about the intent, opportunity and capability of malicious actors. This is where the planning phase becomes important: today’s organisations are required to understand their own environment first and then understand the challenges they need to solve. Once an organisation understands its infrastructure, personnel and operations, it can then protect itself from malicious actors with the right solutions in place. Generally, organisations that fail to perform these basic steps simply do not get the most out of threat intelligence.
Many organisations need help determining what is important and deciding whether the intelligence is applicable. It is vital for an organisation to be able to produce or consume tailored threat intelligence that provides actionable strategic and tactical choices affecting the organisation’s security. Most organisations experience security gaps, slower detection of vulnerabilities and time-consuming processes to remediate threats. This happens because tools and processes often live in silos between network and security teams. Usually, security operations teams are bombarded with thousands of alerts each day and don’t have the means to prioritise them based on actual risk.
Threat intelligence and the network are a gold mine of data that can be used to provide actionable intelligence and context around threats. The lack of visibility into network data inhibits taking the right action based on context. Operations teams, for example, can determine the scope of a security incident or automate the correlation of network context and data with security events. They can also access audit trails to profile device and user activity.
Being able to know about and respond in real time to activities seen by network tools can go a long way towards accelerating incident response. But without automation, operations teams are left to assemble data from various sources manually. Often, security teams don’t even get a notification when a vulnerability is discovered or an incident of compromise happens.
Optimising threat intelligence involves several steps. Infoblox’s view is that threat intelligence is optimised through policy enforcement using timely, consolidated and high-quality threat intelligence that is aggregated from multiple sources, verified and curated by an in-house threat research team. This type of approach eliminates conflicts between sources and distributes uniform threat intelligence to the existing security infrastructure, providing a single source of truth.
Every organisation needs its security analysts and researchers to investigate threats faster. Our approach to meeting this need is to provide a single yet broad source of truth through our partners and marketplace. Infoblox’s Threat Intelligence Data Exchange provides accuracy and context for each indicator, enabling security personnel to focus on the most critical indicators and ignore false positives, thus freeing them up to take on other tasks.
Finally, organisations such as enterprises, government agencies and service providers need a solution that delivers Actionable Network Intelligence. Infoblox is the industry leader in DNS, DHCP and IP address management (DDI). With our unique position in the organisation’s infrastructure, we are able to enforce policies using timely, consolidated and high-quality threat intelligence that is aggregated from multiple sources, verified and curated, thereby eliminating conflicts between sources and distributing uniform threat intelligence to the existing security infrastructure, providing a single source of truth.