Three steps to beating cyber crime
With so many cyber threats out there, today's organisations need a consolidated view in order to detect, report on and prevent attacks on their networks.
Companies are having to invest increasing amounts in gathering threat intelligence in an effort to stay ahead of cyber criminals. Rene Bosman, Manager at Infoblox Africa, says: "Upfront knowledge about current and potential threats can help you identify security risks to your business so you can make informed decisions and defend against them."
The recent Liberty Holdings hack has sparked concern that other businesses could be equally vulnerable to cyber criminals. But, is it possible to predict and defend against attacks of this nature? Certainly, according to Bosman, if the right measures are in place.
To proactively detect and combat cyber attacks like ransomware or malware, an organisation must actively collect threat intelligence from a variety of sources and rapidly disseminate information about those threats throughout the entire security infrastructure. Threats can come from internal as well as external sources, and can come in the form of malicious IP addresses, host names, domain names and URLs.
However, the usefulness of that threat intelligence is all too often hampered by siloed information, a lack of context for making actionable decisions, and an inability to categorise threats. The result is slow remediation, if any.
Bosman explains: "The majority of businesses have access to different types of threat intelligence that come standard with certain solutions, such as next-generation firewalls, Web proxies, SIEMs, network access control, vulnerability management, advanced threat protection, and endpoint security. However, each of these data feeds needs to be regularly updated or there's no point in having them. If regular updates aren't carried out, the threat intelligence won't be accurate or current."
It's also possible to miss something that's happening on the network if the threat intelligence is coming from disparate systems that don't speak to one another.
Secondly, he continues, businesses often face the challenge of how to prioritise threats by category, ie, is it a firewall threat, an application layer threat or a DNS threat? Finally, there's the matter of what action to take around the threat.
Bosman says that to stay on top of the cyber threats out there, businesses need to deploy a platform that integrates and consolidates multiple threat intelligence data feeds and communicates the relevant information to the right level in the organisation. "Providing a single pane of glass view of current and emerging threats makes it easier for the business to respond to those threats more quickly and in the right way.
"The platform needs to consolidate all the data that customers have access to, both internal and external. The more feeds that are plugged into the platform, the more accurate the data becomes. If you only rely on one feed, you'll get false positives, which you want to eliminate as much as possible."
There are several key benefits to implementing a platform to manage threat intelligence. Bosman goes on to list them:
* Collects and manages real-time curated threat intelligence from internal and external sources in a single, open and flexible platform;
* Enables threat prioritisation with context by providing over 300 distinct threat classifications and over 20 properties leading to faster threat remediation;
* Improves security posture and situational awareness of your organisation by sharing the curated threat intelligence data with the security infrastructure; and
* Prevents malware communications with C&C sites and data exfiltration by providing real-time threat feeds at the DNS control plane.
Failure to take additional measures to help your business manage its threat intelligence could place the business at risk of a Liberty-level data breach, in which 40 terabytes of data was compromised and held to ransom. Bosman says: "The higher the quality of the data feeds and the ability to share this data with its right function, the easier it is to integrate and consolidate them, the greater the likelihood that your business will be able to take action much sooner, thereby shortening the kill chain as much as possible."