Threat intelligence complements security measures that are designed to detect and block threats by analysing threats out ‘in the wild’, studying the strategies of threat actors and assessing countermeasures.
This intelligence can identify threats to specific security technologies, industries and geographies, and identify effective countermeasures.
In short, it’s not a case of one size fits all. Every organisation has its own unique data to protect and its own unique set of applications and technologies that use and protect its data and support the operation of the business.
When choosing a threat intelligence service, it’s necessary to ask not just how good that service is at gathering threat intelligence, but how well it can understand your organisation, its vulnerabilities, the threats most likely to impact you, and the best means of countering those complex threats.
Such is the pace of change that a non-specific threat intelligence service could present masses of ‘intelligence’ not relevant to your organisation, creating an unnecessary and distracting burden on IT security staff, who already spend much time dealing with false positives.
Kaspersky ANZ General Manager, Margrith Appleby, says, “Threat intelligence needs to be part of the very DNA of running your operation.” She adds, “A new approach is needed because like all forms of security, it’s an ongoing effort; it’s not something that you do once and then put to one side.”
With the rise of remote working, the threat landscape changes constantly. Now in its 10th year, Kaspersky’s annual Global Corporate IT Security Risks Survey reveals that phishing attacks have become more targeted and diverse in their approach as a result of the pandemic. Phishing and social engineering attacks on customer accounts were the top challenges cited by half of SMBs (50%) and enterprises (48%), closely followed by concerns around attacks on branch offices (44% for SMBs and 42% for enterprises). The main worries for decision-makers were data protection (59%), ensuring compliance with security policies and industry regulations (42%), and the cost of securing increasingly complex technology environments (41%).
In general, data protection remained the most concerning IT security issue for 59% of respondents, followed by security issues of cloud infrastructure adoption and business process outsourcing (43%) and downtime / loss of productivity (42%).
What to look for in a threat intelligence service
Cyber threat actors know no boundaries. They can be anywhere in the world and target your business wherever you operate. So the first requirement of a threat intelligence service provider is global reach, because providers that focus only on a specific region might well leave you with a false sense of security.
Kaspersky’s report on the activities of the highly prolific malware group Transparent Tribe, also known as PROJECTM and MYTHIC LEOPARD, is a good example of the importance of global reach. The researchers behind this report have periodically seen the group’s activities through the advanced persistent threat (APT) intelligence reports, and subscribers to that service already know this APT group has been operating without a break for the past four years. The group has been active since 2013; between June 2019 and June 2020, researchers found more than 1,000 victims in 27 countries.
A good threat intelligence service should be looking inwards as well as outwards. Some of the intelligence most useful to your organisation comes from your own network. Data from intrusion detection and prevention systems, firewalls, application logs and logs from other security controls can identify patterns of malicious activity specific to your organisation. Good analysis can differentiate between normal user and network behaviour and the abnormalities that can indicate an attack.
It is also important for information on threats to come with relevant context. Threat intelligence without context is simply data, and of limited value. Businesses need a threat intelligence service that can answer the question: “why does this matter?”
To reduce the burden on your cybersecurity staff of responding to threat information provided by a threat intelligence service, it’s important to choose a service that also offers some integration with the security tools the business has already invested in.
Helping you make the right choice
There are many choices, says Margrith Appleby. “The threat intelligence services market has become very competitive. The options are many, and complex. Choosing the service that’s right for your organisation can be a challenge.”
Kaspersky has more than two decades of experience in threat research. It employs a unique pool of global experts, its Global Research and Analysis Team (GReAT), empowered with advanced machine-learning technologies to detect even previously unseen cyberattacks and keep clients safe.
GReAT operates at the heart of Kaspersky, uncovering APTs, cyber-espionage campaigns, major malware, ransomware and underground cyber-criminal trends across the world. This unique team comprises more than 40 security experts spread across Europe, Russia, the Americas, Asia and the Middle East. They bring unrivalled expertise, passion and curiosity to the discovery and analysis of cyberthreats.
Kaspersky also offers useful cybersecurity tools on its Threat Intelligence Portal. These enable you to check suspicious files, IP addresses, domains and URLs.
The leading cybersecurity firm’s vast experience of threat intelligence has been gathered into a whitepaper called Evaluating Threat Intelligence Sources. It explains the key features to look for with this new threat intelligence service, and shows you how to find the one that’s right for your organisation.