The Patriot Files Forums  

Go Back   The Patriot Files Forums > Military News > Biological Warfare

Post New Thread  Reply
 
Thread Tools Display Modes
  #1  
Old 07-10-2018, 10:20 AM
Boats's Avatar
Boats Boats is offline
Senior Member
 

Join Date: Jul 2002
Location: Sauk Village, IL
Posts: 21,784
Arrow Four Keys to Leveraging Cyber Threat Intelligence

Four Keys to Leveraging Cyber Threat Intelligence
July 10, 2018 | by Tom Topping
RE: https://www.fireeye.com/blog/executi...elligence.html

Good intelligence is key to defending government agencies against cyber security threats. It’s only natural that agency leaders are interested in establishing cyber threat intelligence programs. However, an effective program depends on knowing what it means to have ‘good intelligence’ in the first place.

One approach is to distinguish between data and intelligence. Agencies, particularly nowadays, have access to tremendous amounts of data. They also have access to cyber threat indicators through the Department of Homeland Security’s Automated Indicator Sharing capability (DHS-AIS) and other sources.

But not all of that data is meaningful. The data requires analyses that generate insights. In turn, those insights become intelligence. Good intelligence is characterized by insights that are useful, timely and accurate.

Effective cyber threat intelligence programs generate useful, timely and accurate insights to help leadership manage the agency’s overall risk. Here are 4 essential steps to building a program that allows that to happen:

What’s at Stake?

An effective cyber threat intelligence program can only take shape after agencies identify what’s at stake. First, understand what’s being protected. What would a threat actor want to steal or destroy? For some agencies, it’s credit card data. For others, it’s personnel files, medical records or intellectual property. And for others it’s a combination of data assets.

Having a grasp on what data is most valuable, along with the consequences if that data is breached or destroyed, enables agencies and their leaders to appropriately define their risks.

Identify Threat Actors

Identifying the data at risk simplifies the problem of categorizing potential threat actors and their means of attack. In other words, knowing what data someone might want to come after leads to insights about who might come after that data.

Different threat actors with different aims deploy different tools and different tactics, techniques and procedures (TTPs) to breach organizations and compromise information. Once agencies have outlined what’s at stake and the consequences of a breach, this is when cyber threat intelligence becomes useful.

Align Intelligence & Risk Management

Cyber threat intelligence is more effective for agencies when it’s focused on the most likely threat actors and their likely means of attack. Agencies can’t protect everything from everyone. From a leadership perspective, the goal is strategic risk management instead. Ideally, cyber threat intelligence enables agencies to combat more threats and the most potentially devastating threats with the same resources.

Cyber threat intelligence programs support this goal best when they’re focused on protecting data that needs protecting the most, and protecting it in ways that anticipate the tools and techniques threat actors will use to attack.

An agency overwhelmed with activity might use intelligence to prioritize threats with the greatest potential impacts to their operations. While a commodity criminal operation could cause a security organization a lot of grief, it may be a distraction when compared to another more virulent nation-state threat. For example, one financial organization we know is taking proactive steps to prepare for an Iranian threat, given recent geopolitical developments. The decision to focus resources on this threat is based on the historic risk posed by Iranian threat actors and the steps that are being taken are guided by specific tactical and operational intelligence on the actors’ TTPs.

Drill Into Operations

Strategic risk management, when it’s informed by cyber threat intelligence, extends from the executive offices down to the operational level. In fact, the function and necessity of good cyber threat intelligence is to facilitate conversations that can span from tactical to strategic.

Knowing which threats are critical at the operational level allows agencies to make decisions about how to deploy cyber operations, tools and people to align against those threats.

When things are working properly and the cyber threat intelligence is deep and current (up-to-date), agencies can plug their indicators and TTPs into their sensors and review the parts of their systems where threat actors are going to operate.

Ultimately, good cyber threat intelligence flows to the very front line, so security personnel have the data and direction they need to neutralize threat actors who are most concerning to the agency. The best path to achieving this potential is to define organizational goals around cyber threat intelligence.

Specifically, agencies should start by listing stakeholders in the organization that are relevant to cyber threat intelligence. In most agencies, that includes the Secretary or board of directors, down to the SOC and CERT and incident response teams.

After stakeholders have been identified, the next step is to gather their requirements, to find out what they want to achieve, what they want to come out of a cyber threat intelligence program. That information should be analyzed against the threat, at which point agencies can review their current sources of raw intelligence and identify gaps.

At this point, they can also determine which of those sources are machine readable, which are easy to integrate and automate, and where humans will still need to act.

This type of systematic review, not just on tools but on human resources, can lead to a lower risk profile and greater efficiency as your entire team focuses on the most valuable aspects of the cyber defense mission.

Visit the FireEye website for more information about cyber risk assessment and incident response tools that can help manage cyber security operations. I was also recently interviewed by Federal News Radio as part of Carahsoft’s “Innovation in Government” series. Listen to the interview to learn even more about cyber threat intelligence.
__________________
Boats

O Almighty Lord God, who neither slumberest nor sleepest; Protect and assist, we beseech thee, all those who at home or abroad, by land, by sea, or in the air, are serving this country, that they, being armed with thy defence, may be preserved evermore in all perils; and being filled with wisdom and girded with strength, may do their duty to thy honour and glory; through Jesus Christ our Lord. Amen.

"IN GOD WE TRUST"
sendpm.gif Reply With Quote
Sponsored Links
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On

All times are GMT -7. The time now is 06:54 AM.


Powered by vBulletin, Jelsoft Enterprises Ltd.