Published November 2019
Sponsored by Cofense, DomainTools, Proofpoint and Spamhaus Technology.
Executive Summary
Cyber security is an ongoing battle between sophisticated and well-funded bad actors and those who must defend corporate networks against their attacks. The bad news is that the latter are typically not winning. A recent Osterman Research survey found that while most organizations self-report that they are doing “well” or “very well” against ransomware, other types of malware infections, and thwarting account takeovers because of the significant emphasis placed on these threats, they are not doing well against just about every other type of threat. These include protecting data sought by attackers, preventing users from reaching malicious sites after they respond to a phishing message, eliminating business email compromise (BEC) attacks, eliminating phishing attempts before they reach end users, and preventing infections on mobile devices.
This missing component for most organizations is the addition of robust and actionable threat intelligence to their existing security defenses, which can be segmented into four subcategories:
- Strategic (non-technical information about an organization’s threat landscape)
- Tactical (details of threat actors’ tactics, techniques and procedures)
- Operational (actionable information about specific, incoming attacks)
- Technical (technical threat indicators, e.g., malware hashes)
The use of good threat intelligence can enable security analysts, threat researchers and others to gain the upper hand in dealing with cybercriminals by giving them the information they need to better understand current and past attacks, and it can give them the tools they need to predict and thwart future attacks. Moreover, good threat intelligence can bolster existing security defenses like SIEMs and firewalls and make them more effective against attacks. Threat intelligence plays a key role in proactive defense to ensure that all security programs are relevant to the fast-evolving threat landscape. This is particularly valuable in security awareness training to ensure users are familiar with known threats.
