Intelligent CISO Issue 02 | Page 29

RAMON VICENS , CTO , BLUELIV

?

oday ’ s threat

T landscape is becoming increasingly volatile as actors use ever-more sophisticated techniques to attack organisations around the world .

The reality is that any company that holds valuable data – from confidential company credentials to PII to industrial IP – is at risk of being attacked .
Though there is still significant work to be done in education , thankfully many organisations are waking up to the idea they should be looking beyond their perimeter to detect and prevent attacks before they happen , protecting themselves from the outside in using targeted , actionable threat intelligence .
We are also seeing growth in professional collaboration across the industry . Communities like our Threat
Exchange Network are attracting a more diverse and global membership than ever before , demonstrating increasing cooperation among cybersecurity professionals , academics , LEAs and analysts ; cyberattacks are a challenge we face together .
There is no single measure or technology that can achieve total defence so organisations need to put in place different complementary solutions to minimise both risk and impact . The answer is actionable , relevant , cyberthreat intelligence .
Misconceptions
Unfortunately , put simply , many organisations simply don ’ t yet grasp the value that this new wave can bring them and remain blinkered by assumptions .
For example , there is an assumption that a threat intel service demands yet another messy integration into an already-complex cybersecurity setup .
This isn ’ t the case ; cloud-based solutions offer frictionless usability and have multiple options for feeding other security appliances .
There is another assumption that threat intelligence leads to information editor ’ s question
overload , decreasing overall efficiency . However , advances in automation and machine learning mean we can provide targeted and relevant information with minimal false positives , enabling organisations to save time and resources by improving their incident response and boosting productivity .
Finally , many organisations fail to realise that threat intelligence needn ’ t just be another data feed to plug into their SIEM .
The biggest value add from threat intelligence providers is their ability to contextualise external threat data with internal incident information , helping organisations keep pace with a dynamic threat landscape .
Advantages
Accurate and actionable threat intelligence should be a fundamental component of any security strategy . Indeed , accurate threat intelligence is critical in order that organisations do not drown in data or chasing intelligence that provides no context or actionability .
Proactive threat monitoring improves resilience in several ways but the key is using fresh , actionable intelligence to eliminate blind spots in your threat landscape . Monitoring should also go far beyond the open or even deep web and include the dark web too ; only a handful of companies currently do this .
Targeted intelligence helps detect your weak points before they can be exploited , allowing you to bolster your security posture where necessary .
It also accelerates your orchestration capabilities and as a result enhances incident response teams ’ management of a critical situation .
Complementary threat intelligence services can help you radically reduce attack success rates and Blueliv remains the only provider to offer this in real-time . Fresh , actionable intelligence makes your attack surface more robust and perimeter more secure . The more secure your perimeter , the less appealing you are to cyberattacks . www . intelligentciso . com | Issue 02
29