Intelligent CISO Issue 07 | Page 78

decrypting myths considering today’s changing threat landscape this leaves many businesses vulnerable to the cyberdangers out there. One thing that’s certain is that a dynamic and proactive security strategy is the best option for mitigating against risk. Security programmes must contain continuous improvement and budgets and effectiveness regularly validated to keep them on target with the challenges of the day. However, traditional risk evaluation is often done through point in time engagements which are soon out of date and supply chain audits are increasingly burdensome, diverse in method and costly. The security landscape will continue to evolve and we all need to work together if we’re going to be able to keep one step ahead of the cybercriminal. CIOs making a business or purchasing decision can now access a dynamic snapshot of their risk profile that is relevant to their industry. This is fused with company specific dark and deep web intelligence and utilises a company risk scoring tool-set enabling businesses to make data-driven security decisions based on their risk and efficiently adapt their security posture in real-time to address any gaps that are identified in their profile. A security that’s based on what’s happening right now is an obvious choice if you’re serious about protecting yourself against cybercrime. 2. Hunt and confront threats with intelligence The next step is engaging and using cyberintelligence to effectively hunt and confront cyberthreats head on. The timely automation and analysis of cyberintelligence is a game changer in beating cybercriminals at their own game. Used correctly, cyberintelligence can make the difference between preventing a serious cyberattack – or an attack bringing a business to a standstill. Verizon operates one of the largest global IP networks, which gives us insight into what threats are being made against a large portion of the world’s data traffic. Cross referencing this 78 with intelligence gleaned from over a decade of analysis from our DBIR series, enables us to offer our customers a treasure trove of cyberintelligence that is hard to beat. This information enables a security professional to identify threats early in the cyber-kill chain and put combative action into place. Basically, this enables us to help our customers to hunt out cyberthreats early in the game. 3. Optimise the usage of data you already have to track cyberthreats Not every business has the budget or opportunity to engage professional security personnel to help review cyberintelligence to determine what security solution is required. However, there are automated, end-to-end, threat hunting tools available that optimise data organisations’ already have. They perform much of the identification, investigation, analyses and decision- making of security professionals, but with computer-driven precision, speed and scale. They work by automating the hunt for compromised or infected assets by applying data science concepts and Machine Learning technologies, transforming gigabytes of log data, multiple threat intelligence feeds and varied raw threat indicators into a prioritised list of high-quality alerts with reduced false positives. Issue 07 | www.intelligentciso.com