June 17, 2016 - Joe Franscella

Differences Between a Good and Bad Cyber Threat Intelligence Framework

<p>Threat intelligence will be more important than ever in the times to come. As we put more of our social collateral and personal data online, our vulnerability increases. Costs from hacking and espionage are expected to spike from $500B <a href="http://www.juniperresearch.com/press/press-releases/cybercrime-cost-businesses-over-2trillion" target="_blank">to $2.1 Trillion by 2019</a>. Reports of browser attacks, identity theft, social media hacking, and e-mail spam have all continued to show growth.</p><p>When you commit to a cyber threat intelligence framework for your enterprise, you purchase software for its ability to scan for problems and, ideally, to leverage the most current intelligence. Most small to medium-sized enterprises will require support to perform updates and continue to customize the system. When evaluating solutions, consider the product in hand as well as the company backing it.</p><p>Superior systems cover more than traditional channels. Some older malware detection tools are designed to scan the computer network, web domain, and email server. Ignoring traffic on the Internet of Things (IoT) leaves the enterprise vulnerable to attacks via smart devices. Imagine securing every terminal only to have your network taken down when an employee charges their step counter in a USB port.</p><p>The rules are changing, and your cyber threat intelligence framework must be poised to respond to every new threat that emerges. When spam first began to show up in our emails, it was easy to recognize after learning some basic indicators. Spam emails and bogus advertisements used to rely on “cold reading” tactics, such as generically enticing subject lines, to fool users into clicking. Viruses are now so sophisticated that they are able to mine your local files and cloud-based accounts for names and topics, which are then used to personalize the message and trick the victim.</p><p>Threat intelligence enables the developers of online security applications to identify new threats and respond. 
A superior security solution can respond to new viruses or bots by creating and distributing patches as quickly as possible. Evidence-based reasoning is multifaceted data analysis, the product of which is intelligence that users can better interpret from their own individual perspective.</p><p>A good framework is usable in a real environment. The best security solution varies based on the size of your enterprise and the number of staff dedicated to IT security or, specifically, to threat intelligence. Smaller enterprises may wish to outsource a basic threat intelligence framework built with readily available <a href="https://www.alienvault.com/blog/deploying-managing-and-leveraging-honeypots-in-the-enterprise-using-open-so">open source technology</a>.</p><p>Some systems are nuanced enough to give more reliable alerts than others. More alerts are not necessarily a good thing. Overuse of the threat alert system contributes to a blasé attitude toward alerts. It’s no longer enough to avoid emails from strangers and notoriously spammy products. Solutions which offer <a href="{page_2086}">protection at every step of the chain</a> have a greater likelihood of catching suspicious activity.</p><p>Threats must be identified and mitigated before damage has occurred. If the cyber threat intelligence framework is able to detect unusual traffic and identify it as an exploratory mission by threat actors, the attack can be prevented. It is estimated that over 100 days pass between initial breach and acknowledgment of the breach. In some unusual cases, hackers remain undetected for years. Systems which employ a honeypot are able to detect threats in a low-risk environment.</p><p>Threat intelligence is of national concern. DOJ Compliance is now the responsibility of every US entity collecting personal information or data of use to domestic threats. Until recently, US government contractors had no formal protocol for reporting breaches or suspicious events. 
Ideally your threat intelligence framework <a href="{page_2094}">allows you to share threat data anonymously</a>. This way criminals can be studied, identified, and caught with as little intrusion as possible.</p><p>Since <a href="http://online.lewisu.edu/msis/resources/the-evolution-of-the-computer-virus" target="_blank">the first internet viruses</a> ran amok in the 1980s, many tools have been produced to fight these threats. These defense systems are designed to catch, identify, and respond to cybersecurity breaches. Solutions are not created equally so it is necessary to perform due diligence and evaluate different online security systems objectively.</p>
