Introduction to Cyber Threat Intelligence: What Can It Do for You?
By Bryson Bort, Contributor
Security organizations are stuck between a rock and a hard place. They’re trying to reduce the time it takes to detect and respond to security threats, even as they suffer from a skills and resource shortage. Can threat intelligence help? A survey of security decision makers found that, on average, threat intelligence programs saved organizations $8.8 million in the previous 12 months. Let’s look at what threat intelligence is and how companies are benefiting from it.
What is Threat Intelligence?
Threat intelligence is information that informs enterprise defenders of adversarial elements to stop them. It ranges from collecting intelligence on the dark web to identifying adversarial signatures of tools and networks. And, it starts with data.
“Data is collected from sources where threat actors congregate and operate, such as deep and dark web forums, chat platforms, and open web sources, such as paste sites,” explains Josh Lefkowitz of Flashpoint.
But data alone isn’t intelligence. “Threat intelligence is information that is relevant to the organization, has business value, and is actionable. To do this properly, organizations need the right collection methods, as well as a human team to vet and remove false positives,” says Jeremy Hass of LookingGlass.
Lefkowitz clarifies further: “Threat intelligence brings additional context to data about threats and adversaries targeting organizations.”
The Benefits of Threat Intelligence
Security organizations—particularly those that are struggling with a skills shortage—can benefit from threat intelligence. Threat intelligence can give teams the ability to defend against cyberattacks before they enter the network.
Hass explains: “Threat intelligence provides the indicators and warnings organizations need to proactively defend their enterprise from threats emanating from outside their perimeter. It is only useful to an organization if it is timely, relevant, and actionable. Our customers rely on our threat intelligence to identify the most serious digital business risks to their organization so they can implement the appropriate protections.”
Threat intelligence also enables organizations to work smarter. Lefkowitz had this to say: “Decision makers can use threat intelligence to prioritize response, or investments in technology and people. Flashpoint talks about this in terms of Business Risk Intelligence, which broadens threat intelligence’s applicability beyond cyber to support all aspects of the business including physical and corporate security, fraud teams, third-party risk assessments, and insider threats.”
The insights provided by threat intelligence gives teams the ability to improve their threat response times. “A big benefit for security teams with threat intelligence programs is that they are able to respond to threats faster than before. Generally, the faster you are able to make decisions and take action against a threat, the less likely you are to be affected by an adversary and the more likely you are to be proactive, rather than reactive, in your security approach,” says Adam Vincent of ThreatConnect.
Who Needs Threat Intelligence?
Threat intelligence is industry agnostic, but it is primarily the purview of large enterprises with the maturity to take advantage of this level of sophistication. “Security is not a market vertical problem—it is everyone’s problem. We have customers spanning almost every vertical, and have seen industries across the board—energy, health, media, and entertainment—hit with cyber issues,” says Hass. “The reason we see so much more news coverage around breaches to industries such as healthcare or financial services is because of their close nature to personally identifiable information.”
Vincent agrees. “Simply put, if your organization houses sensitive data, you can benefit from having a threat intelligence program in place. That said, some industries see more value than others because of the current threat landscape and they are considered high-value targets.”
Those “high-value targets” are often those organizations in highly regulated industries, like health care and financial services. These organizations collect and store data that has a higher monetary value on the dark web and therefore offer attackers a greater return on their efforts. However, a survey of 351 cybersecurity decision makers on their use of cyber threat intelligence demonstrates its applicability across industries. Cyber security professionals at telecom and communications (90%), retail and consumer product goods (86%), hi-tech (79%), and banking and finance (71%) industries said their organizations’ threat intelligence programs had blocked threats within the last year that otherwise would’ve cost a significant sum of money.
Threat Intelligence in Action
Cyber threat intelligence can be used to solve a variety of security challenges. Here are three examples of threat intelligence in action.
- Aflac, a U.S.-based insurance provider, uses Flashpoint’s intelligence to identify threat actor activities specifically targeting its policyholders. This enables Aflac to identify potential instances of insurance fraud and take action before a loss is incurred. Flashpoint can also inform Aflac’s fraud teams of activities that could put policyholders’ personally identifiable information at risk.
- LookingGlass helped a company stop a misinformation campaign. The customer was seeing online rhetoric distinct to their organization, including a phishing website that showcased language, imaging, and branding pulled from the organization’s legitimate website. LookingGlass identified the page as a phishing attack, removed it, and maintained 24/7 alerting to ensure that other sites like this didn’t pop up again.
Threat intelligence can empower cybersecurity organizations to work more efficiently and effectively—without adding headcount. When timely, relevant, and actionable, cyber intelligence gives organizations the advantage they need to fight cyberattacks before loss is incurred.