Is cyberthreat intelligence becoming increasingly important in the battle against cybercrime?
By John McLoughlin, MD, J2 Software
Cyberthreat intelligence is not becoming increasingly important. Cyberthreat intelligence is already critically important in the battle against cybercrime. It is just unfortunate that so many do not make use of service providers and platforms that provide access to multiple threat intelligence feeds from around the world.
In the world of cybercrime, more and more attacks are being deployed on an almost daily basis. The battlefield is getting wider and the number of attackers is increasing. Without continually updated cyberthreat intelligence, traditional defence systems are obsolete. It is great if your defence is playing one on one; this is easy to defend. However, this does not work as well when your defence is now lining up against the leading offence from 10 different conferences.
Cyberthreat intelligence needs to be incorporated into the layered defence strategy and automatically applied to existing and changing defensive patterns. The days of static defence and waiting for an infiltration must be gone. We must ensure that we have a proactive defence, responding to anomalies as they occur and patching holes automatically. Reliable and authenticated cyberthreat intelligence does this for you.
Building this evolving threat information into your security platform allows you to stay abreast of new threats and challenges using automation without human intervention. Even the best of us will be awake for only 16-18 hours a day and must use this time for defence, life and family. Without using cyberthreat intelligence, combined with automation and ongoing monitoring, you will end up constantly chasing your attackers across the widening cyber battlefield, running from side to side without making any forward progress.
We are in a hyper-connected world, and things that take place on one side of the planet are easily replicated on the other side in a matter of minutes. This hyper-connectivity allows cyberattacks to replicate themselves rapidly to hundreds of thousands of machines in different countries on multiple continents. Applying this same pattern, we can use verifiable and reputable cyberthreat intelligence feeds to share information and specifics on attacks around the world in the same period.
If we see a cyberattack surface in London, it is identified and correlated; updates are made to the cyberthreat intelligence feeds, and within minutes defence platforms in hundreds of countries are automatically alerted and armed against the attack. Behaviour patterns are understood, and when that attack tries its luck somewhere else, like in Johannesburg, our defence is already in place, killing the attack in its tracks.
The sharing of cyberthreat intelligence is a crucial part of staying up-to-date with evolving threats and making sure we keep our collective defence well placed in front of the growing number of attackers. Single-layer and traditional methods of securing environments are gone, so visibility tied into cyberthreat intelligence feeds goes a long way in knowing how to keep safe.