The constant requirement for up-to-date cyber security information is driven by threats that change by the hour, and sometimes by the minute. Enterprises are increasingly investing in proactive threat detection, utilizing preventative measures to mitigate the potential of a breach. Among the more successful strategies is threat intelligence analysis.
Threat intelligence is available as a paid commercial service, but valuable cyber security information can also be obtained from open source data feeds. Feeds like these collect IP addresses and domains associated with malware or malicious infrastructure. Such a feed supplies indicators that can be used preventatively, and in some cases fed directly into automated blocking. The indicators also provide context for an ongoing attack and may help attribute it to a specific attacker.
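As an added illustration of how a feed of IP and domain indicators is put to work (this is example code written for this article, not a SimpleWAN product or any particular feed's format), the following Python script parses a small constructed CSV feed, checks constructed log lines against it, and separates high-confidence hits that could be blocked automatically from lower-confidence hits that should go to an analyst with their context. The CSV column layout, the log line layout, the confidence threshold and all indicator values are assumptions made up for the example.

```python
"""Match IP and domain indicators from a threat feed against log lines."""
from __future__ import annotations

import csv
import io
import ipaddress
from dataclasses import dataclass, field

# Constructed sample feed. The CSV layout is an assumption for this example;
# real feeds (plain text, CSV, STIX) differ and need their own parser.
SAMPLE_FEED = """\
indicator,type,category,source,confidence
203.0.113.45,ip,botnet-c2,constructed-feed-a,90
198.51.100.0/24,cidr,scanner,constructed-feed-b,60
bad-example.invalid,domain,malware-distribution,constructed-feed-a,85
login-example.invalid,domain,phishing,constructed-feed-c,40
"""

# Constructed sample logs: "timestamp src_ip dst_ip action host" ("-" = no host).
SAMPLE_LOGS = [
    "2024-01-10T09:00:01Z 10.0.0.5 203.0.113.45 CONNECT -",
    "2024-01-10T09:00:07Z 10.0.0.8 93.184.216.34 CONNECT example.com",
    "2024-01-10T09:01:12Z 198.51.100.77 10.0.0.5 CONNECT -",
    "2024-01-10T09:02:30Z 10.0.0.9 203.0.113.9 DNS bad-example.invalid",
    "2024-01-10T09:03:45Z 10.0.0.9 203.0.113.9 DNS mail.login-example.invalid",
]


@dataclass(frozen=True)
class Indicator:
    value: str
    kind: str        # "ip", "cidr" or "domain"
    category: str    # why the feed lists it (botnet-c2, phishing, ...)
    source: str      # which feed published it, kept for attribution context
    confidence: int  # 0-100 as published by the feed


@dataclass
class Feed:
    ips: dict[str, Indicator] = field(default_factory=dict)
    cidrs: list[tuple[ipaddress.IPv4Network | ipaddress.IPv6Network, Indicator]] = field(default_factory=list)
    domains: dict[str, Indicator] = field(default_factory=dict)


def load_feed(text: str) -> Feed:
    """Parse the CSV feed into exact-IP, CIDR and domain lookup structures."""
    feed = Feed()
    for row in csv.DictReader(io.StringIO(text)):
        ind = Indicator(row["indicator"].strip().lower(), row["type"].strip(),
                        row["category"], row["source"], int(row["confidence"]))
        if ind.kind == "ip":
            feed.ips[str(ipaddress.ip_address(ind.value))] = ind
        elif ind.kind == "cidr":
            feed.cidrs.append((ipaddress.ip_network(ind.value, strict=False), ind))
        elif ind.kind == "domain":
            feed.domains[ind.value.rstrip(".")] = ind
        else:
            raise ValueError(f"unknown indicator type {ind.kind!r}")
    return feed


def lookup_ip(feed: Feed, ip_text: str) -> Indicator | None:
    """Exact IP match first, then containment in any listed CIDR range."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None  # not an address (e.g. a hostname); nothing to match
    hit = feed.ips.get(str(ip))
    if hit:
        return hit
    for net, ind in feed.cidrs:
        if ip in net:
            return ind
    return None


def lookup_domain(feed: Feed, host: str) -> Indicator | None:
    """Match the host or any parent domain, so subdomains of a listed domain hit."""
    labels = host.strip().lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):  # stop before the bare top-level label
        candidate = ".".join(labels[i:])
        if candidate in feed.domains:
            return feed.domains[candidate]
    return None


def match_line(feed: Feed, line: str) -> list[tuple[Indicator, str]]:
    """Return (indicator, matched value) pairs for one log line."""
    try:
        _ts, src, dst, _action, host = line.split()
    except ValueError:
        return []  # malformed line; skip rather than crash the pipeline
    hits = [(ind, v) for v in (src, dst) if (ind := lookup_ip(feed, v))]
    if host != "-" and (ind := lookup_domain(feed, host)):
        hits.append((ind, host))
    return hits


def triage(feed: Feed, lines: list[str], block_threshold: int = 80) -> dict:
    """Split hits into automated blocks (high confidence) and analyst review."""
    result: dict = {"block": [], "review": []}
    for line in lines:
        for ind, value in match_line(feed, line):
            record = {"line": line, "matched": value, "indicator": ind.value,
                      "category": ind.category, "source": ind.source,
                      "confidence": ind.confidence}
            result["block" if ind.confidence >= block_threshold else "review"].append(record)
    return result


if __name__ == "__main__":
    for bucket, records in triage(load_feed(SAMPLE_FEED), SAMPLE_LOGS).items():
        for rec in records:
            print(bucket, rec["matched"], "->", rec["category"], rec["source"], rec["confidence"])
```

Run as a script, the two indicators with confidence 90 and 85 land in the block bucket, while the scanner range and the low-confidence phishing domain (matched via its subdomain) are routed to review. Keeping the source and category beside each hit is what turns a bare block into usable context for the analyst.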
Another strategy is to gather intelligence from public sources on the internet that may hint at suspicious activity even when no specific indicators are available. One example is a discussion on a web hacking site about a leaked router configuration. Another is an employee who threatens to hack their company's systems before quitting their job.
A company being targeted in these ways should know about it before the attack happens and have a plan in place for mitigating the threat. This approach is far preferable to cleaning up a breach with attorneys and dealing with the negative fallout in the press.
The challenge is in detecting the information in context and pulling it from a variety of sources. A hacker might have mentioned plans for an attack in a dark forum a month ago, and then dropped another clue on another site last week, but the challenge for the enterprise is pulling these two pieces of information together to detect a viable threat.
The Importance of Automation
It's impossible for any enterprise to manually sift through all the potential places a hacker might post, or to monitor the chatter in a dark forum. Automation is necessary to patrol the Internet, watch for clues related to the enterprise and surface any threat intelligence. One option is to outsource this automation to a threat intelligence provider who, for a monthly subscription, will report cyber security threats and handle any attacks. These solutions are available through cloud providers and require little to no initial investment in, or maintenance of, hardware.
There are also customizable tools available online, or an enterprise can use what's called a web scraper, which downloads relevant information for analysis. Due to cost considerations, most organizations will opt for an open source solution that can be built and monitored in-house.
SimpleWAN offers a solution for enterprises seeking intelligent threat detection. When a hacker attempts to infiltrate one firewall, the threat is shared among all SimpleWAN firewalls, alerting every location. In addition, SimpleWAN uses honeypots to lure hackers into a fake server. Once the hacker has attempted entry, all firewalls are alerted and the hacker is blocked.
To learn more about threat intelligence solutions, contact us at SimpleWAN. We look forward to talking with you about cyber security, or one of the other 20 technologies offered through our solution.