3 Tips for Operationalizing Cyber Intelligence


In 2014 it became abundantly clear that threat intelligence provides a decisive advantage in protecting your enterprise. Using threat intelligence, savvy security practitioners can reduce the time to remediation, prioritize the endless barrage of alerts, and begin to truly understand what adversaries are targeting in their organization. Through this understanding, the enterprise security professional can effectively begin to protect the business (note the deliberate use of "business" rather than "enterprise").

IT security is no longer considered a ‘nerd’ problem. It is impacting the bottom line and rightfully attracting the attention of both the C-level and the board. Incorporating threat intelligence into an enterprise operation is challenging, and one of the biggest challenges organizations face today is operationalizing that intelligence and incorporating it into their processes (e.g. intelligence may arrive in a format that cannot be uploaded to a security device or incorporated into a back-end system). Here are three things organizations can do today to begin to operationalize intelligence they may already have.

1) Review previous attacks against your organization and understand the who, what and why. Whether it’s a previous attack against your organization or attacks against other organizations within your business sector, attacks that happened in the past are an incredible source of information that can inform future security strategy. Part of setting up the strongest possible defense is understanding who may be coming after you and what tactics they’ll likely be using. For example, understanding the geopolitical motivations behind many energy sector hacks can help energy organizations know which information attackers will likely target, and they can build their defense around securing that data. The same goes for other sectors affected by recent high-profile breaches, such as retail and healthcare.

2) Review how to incorporate threat information into enterprise defenses. There is a lot of good indicator information available, such as knowledge of adversary tactics and exploits, but organizations often don’t have a solid plan in place for incorporating new information into existing security procedures. A “set it and forget it” approach to cybersecurity is not enough in today’s ever-evolving threat landscape. Organizations need to devise an ongoing strategy for reviewing and updating enterprise defenses based on ongoing threat intelligence.

3) Identify the critical business assets that would be most impacted by a cyber attack. Unfortunately, many organizations don’t even know what their business-critical information assets are, which leaves them very vulnerable to attack. After all, how can you come up with an effective security strategy if you don’t have a thorough understanding of just what it is you need to protect in the first place? If your organization has not yet identified its critical business assets, that needs to be the first step in developing a robust security strategy. The time to do this is now, not once an attack has already happened and you realize in retrospect that your organization is compromised beyond repair and operating in a reactive mode.
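Tips 2 and 3 both come down to plumbing: intelligence has to be validated and normalized before a defense can consume it, and matches have to be weighed against what the business actually cares about. The following script is an added example, not code from the post or from CrowdStrike. It takes a constructed indicator feed in the loose form a provider might hand over (mixed case, stray whitespace, a malformed entry, a stale entry and a duplicate), turns it into a clean lookup table, matches it against a few constructed DNS/proxy log lines, and ranks the hits by the criticality recorded in a constructed asset inventory. The 180-day review window, the confidence weights and the log format are all assumptions made for the example.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed indicator feed: mixed case, whitespace, one bad IP, one old entry, one duplicate.
RAW_FEED = """
# type,value,actor,first_seen (YYYY-MM-DD),confidence
domain, Update-Check.EXAMPLE ,ENERGY-ACTOR-1,2014-11-02,high
ipv4,203.0.113.45,ENERGY-ACTOR-1,2014-10-20,medium
ipv4,999.1.1.1,UNKNOWN,2014-10-20,low
md5,d41d8cd98f00b204e9800998ecf8427e,RETAIL-ACTOR-7,2013-01-15,high
domain,update-check.example,ENERGY-ACTOR-1,2014-11-02,high
"""

# Constructed asset inventory keyed by IP (tip 3: know what you must protect).
ASSETS = {
    "10.0.5.17": {"name": "scada-hist-01", "criticality": 5},
    "10.0.2.40": {"name": "hr-workstation-12", "criticality": 3},
    "10.0.9.200": {"name": "kiosk-lobby", "criticality": 1},
}

# Constructed log lines in an assumed format: "<timestamp> <src_ip> <dns|connect> <target>".
LOG_LINES = """
2014-12-01T08:14:02Z 10.0.5.17 dns update-check.example
2014-12-01T08:15:10Z 10.0.9.200 dns www.example.org
2014-12-01T08:16:33Z 10.0.2.40 connect 203.0.113.45
2014-12-01T08:17:00Z 10.0.9.200 connect 203.0.113.45
"""

MAX_AGE_DAYS = 180  # assumed review window; older indicators are flagged, not dropped
CONFIDENCE_WEIGHT = {"high": 3, "medium": 2, "low": 1}  # assumed weights
LOG_RE = re.compile(r"^(\S+) (\S+) (dns|connect) (\S+)$")


def normalize_feed(raw, now_iso):
    """Validate, canonicalize and deduplicate feed lines.
    Returns (indicators keyed by (type, value), rejected lines with a reason)."""
    now = datetime.strptime(now_iso, "%Y-%m-%d")
    indicators, rejected = {}, []
    for line in raw.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 5:
            rejected.append((line, "expected 5 fields"))
            continue
        itype, value, actor, first_seen, confidence = parts
        itype, value, confidence = itype.lower(), value.lower(), confidence.lower()
        try:
            if itype == "ipv4":
                ipaddress.IPv4Address(value)  # raises ValueError for 999.1.1.1
            elif itype == "domain":
                if not re.fullmatch(r"[a-z0-9-]+(\.[a-z0-9-]+)+", value):
                    raise ValueError("malformed domain")
            elif itype == "md5":
                if not re.fullmatch(r"[0-9a-f]{32}", value):
                    raise ValueError("malformed md5")
            else:
                raise ValueError("unknown indicator type")
            if confidence not in CONFIDENCE_WEIGHT:
                raise ValueError("unknown confidence")
            seen = datetime.strptime(first_seen, "%Y-%m-%d")
        except ValueError as exc:
            rejected.append((line, str(exc)))
            continue
        # First occurrence wins; the duplicate domain entry is merged away here.
        indicators.setdefault((itype, value), {
            "actor": actor, "confidence": confidence, "first_seen": first_seen,
            "stale": now - seen > timedelta(days=MAX_AGE_DAYS),
        })
    return indicators, rejected


def match_logs(log_lines, indicators, assets):
    """Match log lines against the indicator table and rank hits by
    asset criticality times indicator confidence (highest first)."""
    hits = []
    for line in log_lines.strip().splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ts, src, action, target = m.groups()
        itype = "domain" if action == "dns" else "ipv4"
        ind = indicators.get((itype, target.lower()))
        if ind is None:
            continue
        asset = assets.get(src, {"name": src, "criticality": 0})  # unknown hosts still surface
        hits.append({
            "ts": ts, "src": src, "asset": asset["name"], "indicator": target,
            "actor": ind["actor"], "stale": ind["stale"],
            "priority": asset["criticality"] * CONFIDENCE_WEIGHT[ind["confidence"]],
        })
    return sorted(hits, key=lambda h: (-h["priority"], h["ts"]))


if __name__ == "__main__":
    inds, rej = normalize_feed(RAW_FEED, "2014-12-01")
    print(f"{len(inds)} usable indicators, {len(rej)} rejected: {rej}")
    for h in match_logs(LOG_LINES, inds, ASSETS):
        print(f"p={h['priority']:>2} {h['ts']} {h['asset']:<18} {h['indicator']} ({h['actor']})")
```

Run as-is, the rejected list hands the malformed IP back to whoever owns the feed, the stale flag marks the year-old hash for review rather than silently trusting or discarding it, and the medium-confidence hit on the SCADA historian outranks the same indicator hitting the lobby kiosk. That ordering, driven by the asset inventory rather than by the indicator alone, is what turns a feed into something the analyst can act on first.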

Adam Meyers

Adam Meyers has authored numerous papers for peer-reviewed industry venues and has received awards for his dedication to the information security industry. As Vice President of Intelligence for CrowdStrike, Meyers oversees all of CrowdStrike’s intelligence gathering and cyber-adversarial monitoring activities. Previously, Meyers was the Director of Cyber Security Intelligence with the National Products and Offerings Division of SRA International, where he provided technical expertise at the tactical level and strategic guidance on overall security program objectives.
