Threat Intelligence Blog

Posted March 28, 2018

Every enterprise organization is in a security arms-race that they must win. As technology becomes ever-more intertwined into every business process and every element of the customer experience, the impact of a security breach becomes catastrophic.

Of course, every enterprise already knows this.

The question, however, is what to do about it when the organization must also evolve and expand its technology stack to meet the insatiable needs of its customers and the market.

As the attack surfaces continue to proliferate, enterprises cannot turn away or let their guard down. Instead, they must find a way to continually elevate their security posture and get ahead of the bad actors who are, likewise, continually seeking a vulnerability that will give them an opening.

A more efficient and effective way of approaching cybersecurity promises to help enterprises get the upper hand in this game of cat-and-mouse by identifying emerging threats before an attack begins — and delivering this intelligence in an actionable form without the overhead. The approach? Threat-intelligence-as-a-service.

The Losing Battle for Containment

When it comes to an organization’s security posture, there’s a natural evolution that occurs. The first stage of evolution is all about containment and perimeter security.

In this first stage, the focus is on establishing a perimeter, securing it and then containing any further exposure. This need for containment is so that organizations can define the theater of engagement — ensuring that what’s inside is safe so they can focus resources on protecting the perimeter.

This type of first-stage security posture has been the predominant focus of IT organizations. But this kind of security posture only works when you can effectively define and contain your perimeter — or, as it is also called, your attack surface.

As your attack surface expands or changes, especially when it is doing so at a rapid rate, containment becomes almost impossible. In these situations of an uncontainable attack surface — precisely what is happening now in the era of digital transformation —  the organization must evolve its security posture to the next level. The question is how?

Why Threat Intelligence is in Your as-a-Service Future

The natural response to dealing with an expanding attack surface is to keep doing the same things – just faster and more expansively. This approach, however, is not only exhausting, it’s ineffective.

It’s a bit like trying to keep all the plates spinning on their poles – it’s only a matter of time before it all comes crashing down.

Organizations must, therefore, find a way to identify threats before they ever reach their dynamic and expanding perimeter and then respond preemptively. We call this concept of identify threats before a security event has happened, threat intelligence.

On the surface, employing threat intelligence sounds like the next logical step to proactively protect the organization’s hard-to-contain perimeter. But doing so is much harder than it sounds.

Identifying emerging threats to the enterprise, without creating a debilitating surge of false-positive alerts, requires equal measures of intelligence information, triage capabilities, and expertise to identify indicators that represent a threat to the enterprise.

Delivering effective threat intelligence is a mixture of science and art – and a capability that many enterprises are finding difficult and expensive to build in-house.

Threat Intelligence-as-a-Service, however, promises to deliver the threat intelligence capabilities that enterprises need, without the cost and overhead of building it themselves. Utilizing a managed service for threat intelligence will help enterprises develop this now-essential capability while minimizing the resource impact to the organization.

The Intellyx Take

It may be discomforting for enterprise executives to hear that they need to elevate their security posture and expand their already resource-strapped security operations further afield.

Creating a threat intelligence capability is not the core business of most enterprises. It is nevertheless essential for enterprise leaders to take an active response posture and engage threats far beyond their continuously evolving perimeter. Doing so, however, requires intelligence about those threats and the skills and expertise to make sense from the intelligence data.

This need for intelligence, but the counter-desire to not build and manage a threat intelligence capability is why enterprises are now turning to industry pioneers such as LookingGlass and their threat-intelligence-as-a-service offerings to strike this balance by outsourcing this critical capability.

There is no question that the security arms-race is continuing to escalate. The bad actors are well-funded, organized and ambitious. Enterprise organizations must respond in-kind, but must do so intelligently.

While an enterprise can never outsource its security responsibility, it can and should seek to leverage outside resources that can extend its capabilities in the most resource-efficient manner possible. As the fight between enterprises and those who wish to do them harm continues, enterprise leaders will need every advantage they can muster.


Copyright © Intellyx LLC. LookingGlass is an Intellyx client. Intellyx retains full editorial control over the content of this paper.

Additional Posts

Can the Washington D.C. Metroplex Become a Major Hub for Cybersecurity Startups?

For many years, technology startup activity in the metropolitan Washington D.C. area has been ...

Weekly Threat Intelligence Brief: March 27, 2018

This weekly brief highlights the latest threat intelligence news to provide insight into the latest ...