The prevalence of cyber-crime is, despite fantastic innovations in security, still an increasing challenge. Preventing and responding to network security threats is an industry which continues to grow in leaps and bounds each year. More and more companies are investing in a threat intelligence platform, and experts estimate cyber-security will be a $170 billion industry by 2020. We can expect some ingenious developments in the next few years.
There is a new approach to studying cyber-crime: looking at criminals' motivations rather than their methods. One might imagine skilled and "employed" hackers help themselves to more money than they know what to do with. Many are surprised to learn that hackers-for-hire generally take in around $30K a year. When you begin to understand how hackers choose targets, you can plan your defenses proactively.
One thing threat actors have in limited quantity is time. Deception traps capture hacker behavior for study as well as divert their energy. The more nuanced and convincing your honeypot network is, the better it will work to waste hackers’ time and drain their motivation. Making yourself a less desirable target is a big yet often overlooked strategy for avoiding attack.
Malware, spam emails and notorious IP addresses all add patterns to the ways traffic is analyzed for IOCs. Understanding a threat campaign can depend on looking back over a long period of time leading up to a breach. SIEM logs were typically retained for around three months, so hackers learned to be patient and rotate many "jobs" at once. As with the adage of the better mousetrap, programmers had to develop tools which look farther back in time.
As the volume of collected intelligence grows, analyzing logs for matches becomes a bigger task. Intelligence platforms of the future will need a means of rapidly identifying threats. One option is to send your traffic data out through an encrypted channel to be referenced against known IOCs, rather than storing ever-growing volumes of threat data locally.
Some features will become required in the US with the adoption of the Cybersecurity Act of 2015. This rule encourages both private and public agencies to pool their threat intelligence. Government contractors began observing the rules of the FAR mandate in June of 2016. Contributing collected indicators of compromise helps others, particularly members of your own industry, to benefit from previously collected threat data. Sharing attacker IP addresses, tactics, etc. can be done for the greater good without further endangering your network. You can comply by sharing only the relevant data points, and retain the agency to choose your own circles of trust.
Basic security platforms are sure to change with the times. The firewall, SIEM platform, and anti-malware suite you’re using are all produced by entities who strive to keep up with new threats. Your threat intelligence platform must be dynamic enough to integrate seamlessly with these other solutions. To learn more about the future of scaling-up your threat intelligence, download our white paper.