August 12, 2016
Joe Franscella

What A Bad Threat Intelligence Platform Could Cost You

<p>It’s an unfortunate fact that network breaches and other cyber-security events are an inevitable reality. US businesses <a href="" target="_blank">spent over $100 billion</a> resolving cyber-security events last year, and they are especially prevalent in high-stakes industries like finance, retail, and the military. Still, these figures numbers are understood to be low, as most organizations are reluctant to admit publically they’ve experienced troubles.</p><p>Any shortcomings that leave you vulnerable to threats are not acceptable. So, what can make an enterprise cyber-security software package “bad”?</p><p>Un-intelligent intelligence relies more on automation than evidence-based reasoning. It’s impossible for a threat intelligence platform to guard your resources and secrets from competitors and other adversaries right out of the box. Sources of traffic and the destinations visited as well as other aspects of user traffic behavior that qualify as suspicious must be well defined based on your individual situation. The applications must be configured well enough to identify signs that have meaning to the users.</p><p><strong>Sending your response team too many alerts</strong> – Investigating alerts requires hours of work to be performed by highly trained security specialists. Excessive alerts have a direct cost to the enterprise. Also there is an indirect cost associated with them: the alerts lose their urgency after people have become fatigued by false alarms. When a significant breach does occur, staff may be slower to respond. Make sure you choose a threat intelligence platform that can <a href="{page_3233}">improve its alerts by learning</a> to separate acceptable pings from actual suspicious behavior.</p><p><strong>Not detecting internal threats</strong> - If you are relying on a firewall to surround and protect your data, you’re missing the big picture. A bad threat intelligence platform will fail to catch indicators of compromise predicting a problem coming from within. For example, in a case of an outside contractor coming in to intentionally perform corporate espionage, an unintelligent system will not detect that they’ve browsed, copied, or sabotaged files that don’t concern them. Employees make unintentional errors very frequently, and can become threats if they are <a href="" target="_blank">unhappy enough to “go rogue.”</a></p><p><strong>Some platforms cannot sample enough data</strong> - Don’t commit to a threat intelligence platform that fails to log far enough into the past. Timing and access patterns are a major component of identifying suspicious patterns indicative of a threat. When your platform can only handle two or three month’s back traffic, you’re vulnerable. Hackers know <a href="">not every system can log a year</a> back. They have become patient and adopted the tactic of spacing out the steps of their attack as to evade detection.</p><p>Deception traps that are detectable can do more harm than good. If the threat actor probing your network can tell the entity is a honeypot they will not be fooled into incriminating themselves. There is a small chance that spotting one honeypot can deter their efforts, but they can also feed you misinformation or feel provoked to demonstrate their hacking abilities. Some telltale signs of a honeypot:</p><ol><li>Too many ports are open</li><li>Software package signatures unchanged</li><li>Just not convincing</li></ol><p>Reports estimate personal data breaches cost a business over $150 <em>per record</em>. If other parties are harmed through your “negligence”, <a href="" target="_blank">you can be held responsible</a>. Criminal, civil, and social consequences are on the line when people’s privacy and business dealings are affected.</p><p>Don’t let gaps in your cyber-security be the downfall of your enterprise. Find out more about starting a comprehensive threat intelligence program in our whitepaper <em>Building a Threat Intelligence Program</em></p><p><span class="hs-cta-wrapper" id="hs-cta-wrapper-f68f0b2e-fb62-48eb-acd6-8b2ad6455083"><span class="hs-cta-node hs-cta-f68f0b2e-fb62-48eb-acd6-8b2ad6455083" data-hs-drop="true" id="hs-cta-f68f0b2e-fb62-48eb-acd6-8b2ad6455083" style="visibility: visible; display: block; text-align: center;"><a class="cta_button " cta_dest_link="{page_3451}" href="" id="cta_button_458120_0a81b108-0c35-466f-8ccb-36ff661bc040" style="margin: 20px auto;" target="_blank" title="View It Here">View It Here </a> </span> <script charset="utf-8" src=""></script> <script type="text/javascript">hbspt.cta.load(458120, 'f68f0b2e-fb62-48eb-acd6-8b2ad6455083', {});</script> </span></p>

Get the Latest Anomali Updates and Cybersecurity News – Straight To Your Inbox

Become a subscriber to the Anomali Newsletter
Receive a monthly summary of our latest threat intelligence content, research, news, events, and more.