
How Advancing Threat Intelligence Can Combat Cyber Attacks

Technology, demographics, economic and geopolitical forces are constantly shifting, creating a fluid cybersecurity environment. Cyber criminals are designing and implementing tailored malware, advanced persistent threats, massive Distributed Denial of Service (DDoS) attacks and an endless variety of other techniques to disrupt organizations of all types, across all industries. Faced with these challenges, security teams are developing new approaches to safeguard their organizations from a variety of increasingly sophisticated attackers.

In most attack scenarios, cyber criminals follow a standardized approach to infiltrate a target: research, preparation, deployment and control. This sequence is also known as the “attack chain.” Each step has a distinct signature, if you know where to find it. With enough visibility into the extended network and robust intelligence, an attack can often be detected and stopped before it inflicts much damage. Intelligence comes from a variety of sources, including native intelligence from within the organization, commercially available information and ongoing analysis of user behavior. This combined intelligence enables the most effective detection of threats. Using the network to gather intelligence allows cyber defenders to gain a better understanding of what their adversaries are doing, and how to prevent it.

The most efficient way to limit the attack chain and protect valuable resources is to employ a security approach that is more sophisticated than the attackers’ abilities, and addresses the extended network environment. Since an attack can be broken down into stages, it is then essential to think of a response to an attack in stages as well – before, during and after. This cycle operates non-stop for anyone in the security profession.

Let’s take a deeper dive into each stage:

Before an attack, security teams are continuously scanning for areas where they may be vulnerable to infiltration. Classically, security has been all about defense. Today, teams are setting up ways to halt intruders more intelligently, with total visibility into their environments – including, but not limited to, protocols, users, content, physical and virtual hosts, operating systems, applications, services and network behavior. This knowledge lets defenders take action before an attack has even begun.

During an attack, it is critical to understand what is occurring, and how to stop it as rapidly as possible. Security teams need to be able to address threats continuously. Tools such as content inspection, behavior anomaly detection, and context awareness of users, devices, locations and applications are critical to understanding an attack as it is unfolding. Security teams have to discover where, how and to what users are connected among applications and resources.

After an attack or breach, security teams need to quickly understand the attack that occurred as well as how to analyze and mitigate the damage. Advanced forensics tools help defenders learn from attacks. Could anything have been done to prevent the breach? Where did the attacker come from? How did they find a hole in the network? Additionally, this type of retrospective security allows for an infrastructure that gathers and analyzes data to create security intelligence on an ongoing basis. Breaches that may have gone undetected for weeks or even months can be identified, contained and remediated much more quickly.

It logically follows that the most essential element of any defensive strategy is intelligence and understanding. Cybersecurity teams are constantly trying to learn more about who their enemies are, why they are attacking, and how. This is where the extended network provides unrivaled value with a depth of intelligence that cannot be attained anywhere else in the IT environment. Much like in counter terrorism, intelligence is central to stopping attacks.

Similar to other areas of modern warfare, security in cyberspace is often an asymmetric situation. Smaller, faster adversaries with limited means can inflict disproportionate damage on massive adversaries. In these asymmetric environments, intelligence is one of the most important assets for addressing threats. However, intelligence alone is of little benefit without an approach that optimizes the organizational and operational use of that intelligence.

Network analysis techniques provide the ability to collect IP network traffic as it enters or exits an interface, allowing security teams to correlate it with identity and context, and then add threat intelligence and analytics capabilities on top. This allows security teams to combine what they learn from multiple sources of information, including the web, the network, and an ever-expanding amount of collaborative intelligence gathered through exchange with public and private entities, to help identify and stop threats.
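The correlation described above, and the retrospective re-analysis described for the “after” stage, as an added example that is not part of the original article. It assumes a small set of constructed flow records exported from a perimeter interface, a constructed host-to-user mapping standing in for DHCP or directory data, and a constructed indicator list standing in for a commercial feed; all addresses and names are placeholders.

```python
from dataclasses import dataclass
from statistics import median

@dataclass
class Flow:
    ts: str         # ISO-8601 time of the flow record
    src_ip: str     # internal host that opened the connection
    dst_ip: str     # external peer
    dst_port: int
    bytes_out: int  # bytes sent by the internal host

# Constructed sample flow records, as if exported from a perimeter interface.
FLOWS = [
    Flow("2015-05-01T09:12:00", "10.0.0.21", "203.0.113.50", 443, 1200),
    Flow("2015-05-01T09:13:10", "10.0.0.37", "198.51.100.9", 443, 2100),
    Flow("2015-05-01T11:02:45", "10.0.0.37", "198.51.100.9", 443, 1900),
    Flow("2015-05-02T22:41:00", "10.0.0.37", "192.0.2.77", 8443, 980000),
]
# Identity context: user assigned to each host (constructed DHCP/directory data).
HOST_OWNER = {"10.0.0.21": "alice", "10.0.0.37": "svc-backup"}
# Threat intelligence: indicator -> feed that supplied it (constructed placeholders).
INDICATORS = {"203.0.113.50": "commercial-feed"}

def match_indicators(flows, indicators, host_owner):
    """Correlate flows with identity and intelligence; return enriched hits.
    Running this again over stored history with a newly learned indicator is
    the retrospective check the 'after' stage calls for."""
    hits = []
    for f in flows:
        if f.dst_ip in indicators:
            hits.append({"ts": f.ts, "user": host_owner.get(f.src_ip, "unknown"),
                         "src_ip": f.src_ip, "dst_ip": f.dst_ip,
                         "feed": indicators[f.dst_ip]})
    return hits

def volume_anomalies(flows, host_owner, factor=10):
    """Native behaviour analysis: flag a host sending far more than its own median."""
    per_host = {}
    for f in flows:
        per_host.setdefault(f.src_ip, []).append(f.bytes_out)
    anomalies = []
    for f in flows:
        sent = per_host[f.src_ip]
        baseline = median(sent)
        if len(sent) > 1 and f.bytes_out > factor * baseline:
            anomalies.append({"ts": f.ts, "user": host_owner.get(f.src_ip, "unknown"),
                              "src_ip": f.src_ip, "dst_ip": f.dst_ip,
                              "bytes_out": f.bytes_out, "baseline": baseline})
    return anomalies
```

Calling `match_indicators(FLOWS, {"192.0.2.77": "native-analysis"}, HOST_OWNER)` after the fact surfaces the earlier flow from the backup host that no feed flagged at the time, which is the retrospective detection the article describes.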

The most effective cybersecurity approach requires a framework that incorporates the central interests, opportunities, and challenges that an organization faces and aligns its governance, operations and enterprise capabilities to match. In other words, it allows defenders to think like attackers and better protect their environments. This framework must be guided by the enterprise security team’s own threat intelligence practice which combines commercial threat information with native analysis of user behavior to detect, protect against, and remediate security incidents as quickly and effectively as possible.
