
Know the security threats you are facing

By Staff Writer, ITWeb
Johannesburg, 04 Sept 2019

In a security landscape that is highly complex, brimming with determined adversaries and sophisticated threats, businesses can't defend themselves if they don't know what threats they are facing.

So says Tumelo Mashego, business unit manager for Forcepoint at Axiz, adding that even the largest organisations, with huge IT security budgets, have been breached.

She says all the cases we’ve seen over the last few years, including Google, Marriott Group, and Target, happened despite having the best security controls in place, and these companies ended up losing millions of customers' personal records.

Traditional tools are failing, so companies need to get proactive and start using cyber threat intelligence, says Mashego. “Threat intelligence, or cyber threat intelligence, is information a company can use to better understand the threats they face, and which threats might be targeting the business. This information can be used to prepare, prevent, and identify cyber threats before they happen.”

She says the number of threats out there is growing every day, and any of them, if successful, could be catastrophic for a business. Threat intelligence gives organisations valuable insights that they should use to strengthen their security posture. 

This is particularly true, she adds, when it comes to advanced persistent threats (APTs). 

“APTs are far more sophisticated, systematic cyber-attacks that are prolonged, usually for weeks or even months, and are carried out by highly skilled bad actors. Their aim is to exfiltrate data, to commit sabotage or cyber espionage, or to steal intellectual property and financial information.”

The problem with APTs, says Mashego, is that they are designed to evade traditional security tools, often employing multiple vectors and entry points to gain a foothold on the corporate network. 

“They have been known to evade detection for months, and sometimes even years.”

Threat intelligence helps organisations keep up to date on the new threats, methods and tools used by attackers. “It will also keep them educated on the vulnerabilities, targets and different criminal cyber groups out there,” she says.

Indicators of compromise

“Threat intelligence solutions gather as much raw data as possible on emerging or even well-known bad actors and their tools from a variety of sources. This data is then analysed, using a variety of methods, including machine learning and artificial intelligence, and is then filtered to produce threat intelligence feeds and reports that contain data that can be harnessed by automated security control solutions.”

It does this by identifying common indicators of compromise, such as unusual outbound network traffic, geographical irregularities, DNS request anomalies, and many more, and recommends the steps needed to prevent a breach. 
