
Critical questions a threat intelligence service should be able to answer

How could you pick and assess which provider is better than the other? Let’s go through some vital questions they should be able to answer for you and your security team.

By Yeo Siang Tiong
General Manager for Southeast Asia, Kaspersky

The new decade opened with the commercialization of 5G networks, further implementations of Artificial Intelligence, and the increased use of data analytics.

Aside from these revolutionary breakthroughs, there is one underlying trend that we should not miss: the heightened importance of intelligence in this digital age. In Southeast Asia alone, researchers at Kaspersky have monitored increased activity by major Advanced Persistent Threat (APT) groups waging sophisticated cyberespionage against government-related organizations and other entities.

These malicious actors are upping their game with new attack tools to siphon information from governments, military entities, and organizations. What are they aiming to get their hands on? Confidential intelligence.


Interestingly, another kind of intelligence can help nations and even enterprises keep their secret data safe: threat intelligence. This technology helps an organization understand the threats that have targeted, are currently targeting, or will target its networks. It should also serve as a foundation of an organization’s cybersecurity strategy.

I am well aware that there are dozens and dozens of companies now offering this service. How could you pick and assess which provider is better than the other? Let’s go through some vital questions they should be able to answer for you and your security team.

1. How suspicious is this file? In what aspects?

Let’s be honest, there are two realities in the IT security environment of any organization: understaffing, and an overflow of detections and false positives. With most IT departments understaffed these days, is your team ready to deal with the overwhelming volume of threat data coming your way?

The reality is, not every file is malicious or requires special attention, with some of them easily dealt with by your basic anti-virus software. A proper threat intelligence feed should be able to filter out false positives and allow you to focus on the threats that really matter.


It is important to draw the line here. Endpoint security does detect, but it only classifies a file with a basic Clean/Dangerous verdict. That’s it. The analytic tools that belong in a threat intelligence system should provide you with detailed information on how suspicious and malicious a file, a hash, an IP address, or even a URL is, and in what respects.

Such information includes the object’s behavior, the exploit techniques it uses, how rare the detected malware is, and what tools the cybercriminals used to create it. If you use a tailored threat intelligence report, it can also provide the malware’s history, its makers, its usual targets, and more.

2. Who is conducting the attack? Is it a trend I should be worried about?

See, a threat intelligence service should be based on a solid database of threats combined with expert analysis. It should not be a mashed-up combination of reports passed from one company to another.

Why are a comprehensive database and technical insights important? They are the foundations of good threat intelligence. With real-time data from all over the globe, and threat monitoring by machine learning whose output is analyzed by human brains, you will get far better context about a piece of malware.


Your threat intelligence service provider should be able to give you a malware’s full resume, including its malware family, indicators of compromise, historical statistics, and even its alleged “parents”. This is the point at which a simple malicious file, hash, URL, or IP address may be linked to an APT attack, and it is worth underlining that an in-depth APT report should be part of your threat intelligence service. This report should also cover the target sectors, possible attribution, and motivations.

With the report giving context to a simple detection, you will know how to respond and how to beef up your existing security environment.
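The two questions above (how suspicious an object is and in what aspects, and whether it is linked to an attack group targeting your sector) are illustrated by the following added example, which is not code from the article or from any vendor. It assumes a constructed lookup-result schema and constructed sample records, and turns them into a graded verdict with reasons, instead of the binary Clean/Dangerous verdict an endpoint product returns.

```python
from __future__ import annotations
from dataclasses import dataclass, field

# Constructed shape of a threat-intelligence lookup result (not a real vendor schema).
@dataclass
class TiRecord:
    indicator: str
    kind: str                      # "sha256", "ip" or "url"
    detections: int                # number of feeds/engines flagging it (0 = none)
    prevalence: int                # hosts seen globally; a small number means rare
    behaviors: list[str] = field(default_factory=list)
    exploit_techniques: list[str] = field(default_factory=list)
    malware_family: str | None = None
    linked_apt: str | None = None
    target_sectors: list[str] = field(default_factory=list)

def assess(rec: TiRecord, org_sector: str) -> tuple[str, int, list[str]]:
    """Return (tier, score, reasons): a graded verdict plus the aspects behind it."""
    score, reasons = 0, []
    if rec.detections == 0 and not rec.behaviors:
        return "likely benign", 0, ["no detections, no observed behaviour"]
    if rec.prevalence > 100_000:
        score += 1; reasons.append("commodity malware, high prevalence")  # AV handles it
    else:
        score += 2
    if rec.prevalence < 50:
        score += 2; reasons.append(f"rare (seen on {rec.prevalence} hosts)")
    for b in rec.behaviors:
        if b in {"credential_access", "lateral_movement", "exfiltration"}:
            score += 2; reasons.append(f"behaviour: {b}")
    if rec.exploit_techniques:
        score += 1; reasons.append("exploit: " + ", ".join(rec.exploit_techniques))
    if rec.linked_apt:
        score += 3; reasons.append(f"linked to {rec.linked_apt} ({rec.malware_family})")
        if org_sector in rec.target_sectors:
            score += 2; reasons.append(f"{rec.linked_apt} targets sector '{org_sector}'")
    tier = "critical" if score >= 8 else "investigate" if score >= 4 else "low"
    return tier, score, reasons

def prioritize(records: list[TiRecord], org_sector: str) -> list[tuple]:
    """Order a detection queue so rare, APT-linked, active threats reach analysts first."""
    return sorted(((r.indicator, *assess(r, org_sector)) for r in records), key=lambda t: -t[2])

SAMPLE = [  # constructed records; the hashes are placeholders, not real indicators
    TiRecord("a1" * 32, "sha256", detections=0, prevalence=2_000_000),
    TiRecord("b2" * 32, "sha256", detections=40, prevalence=5_000_000, malware_family="Adware.Generic"),
    TiRecord("c3" * 32, "sha256", detections=3, prevalence=12,
             behaviors=["credential_access", "exfiltration"], exploit_techniques=["document exploit"],
             malware_family="ExampleRAT", linked_apt="APT-Example", target_sectors=["government"]),
]
```

Running `prioritize(SAMPLE, "government")` puts the rare, APT-linked sample first with its reasons listed, and the widely seen adware last, which is the filtering the article asks a feed to do.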

3. What actions should I take? What security changes should I make?

Now, the million-dollar question for one looking to ask a threat intelligence service: Can you predict the future? Believe it or not, a good threat intelligence service can actually provide you with the answer that might come across as mere fantasy to most people.

As part of your cybersecurity toolkit, a good threat intelligence service should be able to offer you tailored intelligence reporting. Such a report would ideally paint a comprehensive picture of your current attack status, the vulnerable spots ripe for exploitation, and evidence of past, present, and planned attacks. Correlating previous threats, present detections, and possible future attacks is essential to knowing how you should adapt your IT security posture. Remember that threat intelligence should always be actionable.


With such unique insights, your organization will be empowered to shore up its cybersecurity defenses and ward off the attacks heading its way. With this data you will get a better grasp of how to handle a threat and how to move forward. Without it, your staff may end up chasing their own tails.

These questions represent just the tip of the iceberg but should form the basis of your threat intelligence assessments.

Each organization is unique in terms of infrastructure and policies. One thing is for sure: no sophisticated cybercriminal can outsmart a security defense built on a fully functioning system armed with the real-time brain juice of threat intelligence.
