Thwarting network intrusion attempts with threat intelligence

Although threat intelligence is by no means a revolutionary or new concept, many organisations still do not implement it internally. Armed with a good understanding of, and assisted by, the application of threat intelligence, companies can prevent intrusion attempts and better safeguard their network and data.

Threat intelligence refers to information about potential adversaries and their behavioural patterns. It is created when pieces of raw data are analysed together to give a more complete picture of the activities occurring within your business landscape. Effective threat intelligence will help you determine not only where an attacker has already been in a network but also where he is likely to go and how he will get there.

"Raw data without intelligence is of limited value to assist in the mitigation of risk," stated Gregory Anderson, country manager of Trend Micro South Africa. "To detect an adversary in a network, an analyst needs to know what to look for, which is where threat intelligence comes into play.

Years of undetected data exfiltration

"Once an attacker infiltrates a network, understanding his tactics, techniques and procedures (TTPs) can spell the difference between quick successful detection and years of undetected data exfiltration. It is this difference that confirms the necessity of threat intelligence," he said.

An organisation can obtain external threat intelligence in two ways: partnering with a threat intelligence provider or utilising automated software. Threat intelligence providers have skilled employees who understand threat actors and TTPs, and typically provide their clients with two deliverables: reports and feeds.

Reports typically focus on a single subject, while feeds are sources of data that can typically be included in automated network defences. Enterprise-quality products supplied by security vendors are kept updated with the latest threat indicators, which can also help protect networks.

Whether an organisation contracts a vendor or not, if it has the opportunity it should still set up its own internal threat intelligence group (ITIG). An organisation's ITIG will be responsible for monitoring the Web for any reference to the company and for researching any group or "actor" it believes may be a threat.

Another way to thwart network intrusion is through penetration testing. If an organisation is not part of an industry that is required to conduct regular penetration tests, it should consider doing so. Penetration testing can help identify areas in the network that need to be improved and patched.

"Today, business needs to be one step ahead of attackers, putting systems in place that not only clean up the mess they leave in their wake, but that are able to prevent their entry altogether. Threat intelligence is one of these areas where we can play an active role in curbing threats to our business and, at the same time, ensure that we are able to keep closer guard of our data," ended Anderson.
