Wednesday, 23 March 2016 14:12

Security – share your intelligence to beat the bad guys


Only 42% of cyber security professionals use shared threat intelligence, even though 97% believe it improves their organisation's security posture. You can’t beat the bad guys unless you help the good guys to win.

You have to do more than think about it. Intel Security (McAfee) conducted 500 interviews with security professionals in a wide variety of industries and regions to understand their views and expectations around cyber threat intelligence (CTI) sharing. The report found that awareness of CTI is very high and that 97% of those who share CTI see value in it. However, the report also found a conflict between users’ willingness to receive CTI and their willingness to share it: most want to receive it (91%), but far fewer (63%) are very likely or only somewhat likely to share it. The research also found the following:

  • 72% of survey respondents using shared CTI ranked malware behaviour as the data they are most willing to share, followed by URL reputations (58%), external IP address reputations (54%), certificate reputations (43%), and file reputations (37%)
  • Respondents perceive that the greatest barriers to cyber threat intelligence sharing are corporate policies (54%), industry regulations (24%), and a lack of information on how it would be used (24%)

CTI is about sharing. McAfee Global Threat Intelligence (GTI) provides insight into the attack volumes that its customers experience. In Q4 2015, customers saw the following attack volumes every day:

  • On average 47.5 billion queries per day.
  • More than 157 million attempts were made (via emails, browser searches, etc.) to entice our customers into connecting to risky URLs.
  • More than 353 million infected files were exposed to customers’ networks.
  • 71 million potentially unwanted programs attempted installation or launch.
  • 55 million attempts were made by customers to connect to risky IP addresses, or those addresses attempted to connect to customers’ networks.

Security professionals have relied primarily on signature-based and behavioural-based methods to block a threat. Both methods are effective, but what about particularly complex threats, some of which have yet to be discovered?

How do you stop zero-day attacks that slip under the radar? That is where cyber threat intelligence comes into play. CTI goes much deeper than just a list of IP addresses with poor reputation scores or hashes of suspected bad files.

CTI is evidence-based knowledge of an emerging (or existing) threat that can be used to make informed decisions about how to respond. It provides the context around how the attack takes place, identifies indicators of attack (IoA), indicators of compromise (IoC) and potentially the identity and motivation of the attacker.

Security practitioners and security technology can use CTI to protect better against threats or to detect the existence of threats in the trusted environment. Expectations are high that ‘integrated’ CTI will significantly improve system and network security.

Intel Security says that for CTI exchange to work effectively, established technical standards for sharing information are critical. There have been multiple efforts to settle on a single format for sharing cyber threat intelligence, but most were focused on a specific area, such as incident response.

In 2010, MITRE, under the direction of and with funding from the US Department of Homeland Security (DHS), began development of a threat information architecture with the goal of producing a representation of an automatable cyber threat indicator. This was the first effort to focus specifically on creating an automatable, structured representation of the cyber-threat lifecycle, related message format, and exchange protocol. The effort produced three specifications:

DHS worked to transition the development and ownership of specifications to the Organization for the Advancement of Structured Information Standards (OASIS). OASIS has created the OASIS Cyber Threat Intelligence (CTI) Technical Committee (TC).

The CTI TC created subcommittees for each of the specifications, as well as an interoperability subcommittee. OASIS will develop, maintain, and release all future versions of STIX, TAXII, and CybOX. Intel says CTI is gaining traction within the security industry as a way to combat advanced threats.

The use of CTI will become a critical component of organizations’ defences as structured, enriched data will allow organizations to respond more quickly, with a better view of the cyber event landscape. 

The full report is here. It has some interesting statistics (on page 33 onwards) on malware, mobile malware, the rise of OS X malware, ransomware and more that are too lengthy to reproduce here.




Ray Shaw


Ray Shaw has had a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT-based radio program on ABC radio for 10 years, has developed world-leading software for the events industry and is smart enough to no longer own a retail computer store!


