by Jonathan Zhang, Founder and CEO, Threat Intelligence Platform
Threat intelligence (TI) has caught the eye of CSOs and cybersecurity teams seeking to fight cybercrime strategically while allocating IT security budgets more efficiently. In fact, 60% of organizations have already implemented TI initiatives, and 78% of practitioners feel that their security capabilities and responsiveness to threats have increased as a result.
While these numbers show that the popularity of TI is on the rise, some security professionals do not yet see the full value of TI and what it can do for their organizations in concrete terms. This post aims at bridging that knowledge gap, looking at five practical applications and how TI connects to common cybersecurity efforts you might be currently undertaking.
- Malware Detection
From ransomware to spyware to viruses, it’s hard to keep track of the countless forms of malware emerging every day around the world. As part of their evidence-based data collection process, TI applications typically conduct thorough domain malware checks and retrieve actionable information from major anti-malware databases — e.g., detailing the nature of such attacks and their evolution and sharing best practices around how to detect and tackle them.
Security analysts who can get access to this centralized information avoid a lot of redundant and repetitive work. Instead of researching each malware that may affect them, TI makes it possible to proceed directly with the analysis of IT systems and, if necessary, the removal of known malicious software with tried-and-tested techniques.
- Phishing Prevention
Gone are the days when all phishing threats could be spotted with the naked eye. Today’s social engineering attacks such as spearphishing and website forgery are highly sophisticated and convincing. TI can support security professionals and other employees with the detection of advanced scams by collecting data from reliable public sources — like whois data — and identifying signs of fraud that include:
- Newly registered domain names similar to those of well-known brands and companies
- Contact details that differ across touchpoints and are inconsistent with verifiable records
- Strange domain activity, e.g., domain owners and hosting providers changed multiple times within a short period
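As an added illustration (not code from this post or from Threat Intelligence Platform), a small Python scorer that applies the three WHOIS-based signs of fraud listed above to a constructed record; the record layout, brand watchlist, and the 30-day "newly registered" and 90-day "short period" thresholds are assumptions.

```python
from dataclasses import dataclass, field
from datetime import date

BRANDS = ["paypal", "examplebank"]  # constructed watchlist; load your own in practice

@dataclass
class WhoisRecord:
    """Constructed, simplified WHOIS-style record (hypothetical field names)."""
    domain: str
    created: date
    registrant_email: str       # e-mail in the registration record
    site_contact_email: str     # e-mail published on the site itself
    history: list = field(default_factory=list)  # (date, registrant, host) snapshots

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot typosquatted brand names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def phishing_signals(rec, today, brands=BRANDS):
    """Return the fraud indicators from the post that apply to this record."""
    signals = []
    label = rec.domain.lower().split(".")[0]
    # Sign 1: newly registered (under 30 days) and/or resembling a known brand
    if (today - rec.created).days < 30:
        signals.append("newly_registered")
    for brand in brands:
        if label != brand and (brand in label or edit_distance(label, brand) <= 2):
            signals.append("lookalike:" + brand)
    # Sign 2: contact details inconsistent across touchpoints (registration vs. site)
    if rec.registrant_email.split("@")[-1] != rec.site_contact_email.split("@")[-1]:
        signals.append("inconsistent_contact")
    # Sign 3: owner or host changed several times within a short period (90 days assumed)
    changes = sum(1 for a, b in zip(rec.history, rec.history[1:]) if a[1:] != b[1:])
    if changes >= 2 and (rec.history[-1][0] - rec.history[0][0]).days <= 90:
        signals.append("churned_ownership")
    return signals

TODAY = date(2020, 3, 15)  # constructed "current" date
SAMPLE = WhoisRecord("paypa1.com", date(2020, 3, 1), "admin@paypa1.com", "support@paypal-secure.net",
    history=[(date(2020, 3, 1), "Privacy Proxy", "HostA"), (date(2020, 3, 20), "J. Doe", "HostB"),
             (date(2020, 4, 10), "Privacy Proxy", "HostC")])  # constructed suspicious record
CLEAN = WhoisRecord("example.com", date(2010, 1, 1), "a@example.com", "b@example.com")
print(phishing_signals(SAMPLE, TODAY))
```

Each returned signal is one of the post's three signs; a record that trips several of them is a candidate for analyst review rather than an automatic verdict.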
- Vulnerability Investigation
The likelihood of successful cyber attacks remains high no matter how much organizations invest in protecting their infrastructure and data. Understanding the cause of a breach, however, can be challenging, especially when working with multiple internal systems and third-party applications.
In that context, TI can be used as an investigative instrument, checking for the most salient vulnerabilities, and providing an overview of potential weak links — e.g., misconfigurations, poor encryption, and malicious files that may have caused the loss of sensitive data.
- Cyber Defense Optimization
Even when no data breach has occurred, various organizational changes require security professionals to reconsider whether their company’s cyber defenses are still optimized — e.g., mergers, acquisitions, spin-offs, joint ventures and partnerships, outsourcing of business processes, and software and hardware upgrades.
IT operations may evolve drastically in such instances, potentially leading to new gaps exploitable by hackers and scammers. TI can help to spot emerging weaknesses resulting from business decisions and establish a cybersecurity roadmap to tackle these by investing in new tools and software or reconfiguring and harmonizing systems.
- Security Awareness
Not all cyber attacks can be prevented through technology, however. It’s not rare for threats to go undetected by antivirus, firewalls, and other applications — meaning that regular employees often end up as the last line of defense against hackers and scammers.
For that reason, it’s essential to keep staff informed about the dangers that may come their way. TI insights can assist with the coordination of security awareness initiatives bearing in mind existing IT vulnerabilities and, therefore, where cybercriminals are the most likely to strike.
More and more organizations are allocating resources to the practice of threat intelligence, relying on it in practice to detect and tackle malware and phishing, investigate their infrastructure’s weak spots, and empower targeted security awareness.
About the Author
Jonathan Zhang is the founder and CEO of Threat Intelligence Platform (TIP). He has vast experience in building tools, solutions, and systems for CIOs, security professionals, and third-party vendors and enjoys giving practical tips for better threat detection and prevention.