Wednesday, 23 March 2016 14:12

Security – share your intelligence to beat the bad guys


Only 42% of cyber security professionals use shared threat intelligence, even though 97% believe it improves their organisation's security posture. You can’t beat the bad guys unless you help the good guys to win.

You have to do more than think about it. Intel Security (McAfee) conducted 500 interviews with security professionals in a wide variety of industries and regions to understand their views and expectations around cyber threat intelligence (CTI) sharing. The report found that awareness of CTI is very high and that 97% of those who share CTI see value in it. However, the report also found a conflict between users’ willingness to receive CTI and their willingness to share it: most want to receive it (91%), but far fewer (63%) are very likely or only somewhat likely to share it.

The research also found the following:

  • 72% of survey respondents using shared CTI ranked malware behaviour as the data they are most willing to share, followed by URL reputations (58%), external IP address reputations (54%), certificate reputations (43%), and file reputations (37%)
  • Respondents perceive the greatest barriers to cyber threat intelligence sharing are corporate policies (54%), industry regulations (24%), and a lack of information on how it would be used (24%)

CTI is about sharing. McAfee Global Threat Intelligence (GTI) provides insight into attack volumes that its customers experience. In Q4 2015, customers saw the following attack volumes every day:

  • On average 47.5 billion queries per day.
  • More than 157 million attempts were made (via emails, browser searches, etc.) to entice our customers into connecting to risky URLs.
  • More than 353 million infected files were exposed to customers’ networks.
  • 71 million potentially unwanted programs attempted installation or launch.
  • 55 million attempts were made by customers to connect to risky IP addresses, or those addresses attempted to connect to customers’ networks.

Security professionals have relied primarily on signature-based and behavioural-based methods to block threats. Both methods are effective, but what about particularly complex threats, some of which have yet to be discovered?

How do you stop zero-day attacks that slip under the radar? That is where cyber threat intelligence comes into play. CTI goes much deeper than just a list of IP addresses with poor reputation scores or hashes of suspected bad files.

CTI is evidence-based knowledge of an emerging (or existing) threat that can be used to make informed decisions about how to respond. It provides the context around how the attack takes place, identifies indicators of attack (IoA), indicators of compromise (IoC) and potentially the identity and motivation of the attacker.

Security practitioners and security technology can use CTI to protect better against threats or to detect the existence of threats in the trusted environment. Expectations are high that ‘integrated’ CTI will significantly improve system and network security.

Intel Security says for CTI exchange to work effectively, established technical standards for sharing information are critical. There have been multiple efforts to try to settle on a single format for sharing cyber threat intelligence but most were focused on a specific area, such as incident response.

In 2010, MITRE, under the direction of and with funding from the US Department of Homeland Security (DHS), began development of a threat information architecture with the goal of producing a representation of an automatable cyber threat indicator. This was the first effort to focus specifically on creating an automatable, structured representation of the cyber-threat lifecycle, related message format, and exchange protocol. The effort produced three specifications: STIX, TAXII, and CybOX.

DHS worked to transition the development and ownership of specifications to the Organization for the Advancement of Structured Information Standards (OASIS). OASIS has created the OASIS Cyber Threat Intelligence (CTI) Technical Committee (TC).

The CTI TC created subcommittees for each of the specifications, as well as an interoperability subcommittee. OASIS will develop, maintain, and release all future versions of STIX, TAXII, and CybOX.

Intel says CTI is gaining traction within the security industry as a way to combat advanced threats.

The use of CTI will become a critical component of organizations’ defences as structured, enriched data will allow organizations to respond more quickly, with a better view of the cyber event landscape. 

The full report is here. It has some interesting statistics (on page 33 onwards) on malware, mobile malware, the rise of OS X malware, ransomware and more that are too lengthy to reproduce here.


Ray Shaw


Ray Shaw has had a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT-based radio program on ABC radio for 10 years, has developed world-leading software for the events industry and is smart enough to no longer own a retail computer store!
