We talk daily with customers, partners, and prospects about cyber security solutions, and it’s not uncommon to hear questions like “What is cyber threat intelligence?” or “Where does cyber threat intelligence analytics fit into my organization?” This post will, hopefully, provide some clarity on what these terms mean to us and the benefits of using intelligence and analytics together.
What is Cyber Threat Intelligence
Just about every organization, publication, or institution has its own definition of cyber threat intelligence. For us, it is data or information that has either gone through some sort of evaluation process by an analyst or matched correlation rules configured by an analyst, making it more valuable, more accurate, and attributed to previously identified or new threats. This “value” comes in a variety of flavors: the data may be easier to incorporate into workflows, easier to search through, or faster to analyze, all of which make it more actionable. There are several great cyber threat intelligence platforms that are able to take cyber-related data and turn it into intelligence. iSight Partners, Symantec Deepsight, FS-ISAC, Farsight, and Cyveillance are just a few, and these providers then offer this evaluated data as a private threat intelligence feed. These feeds can be extremely valuable and offer insights into vulnerabilities, exploitations, threat actors, indicators of compromise (IOCs), and much more.
What is Cyber Threat Analytics
According to Wikipedia, the term analytics means the discovery and communication of meaningful patterns in data. Here at IKANOW we believe this is what a cyber and risk analytics platform should do: it should help organizations discover, visualize, and communicate meaningful insights from a variety of sources. These sources could range from the private feeds listed above to open-source data, network logs, enterprise data, and social media. This is what IKANOW specializes in: providing the ability to easily pivot from threat intelligence into enterprise data and produce analytics to drive decision making.
A match made in heaven
Cyber threat intelligence platforms and cyber threat analytics platforms must work together to provide a more proactive approach to defending against the unpredictable cyber threat landscape.
Here at IKANOW, we partner with threat intelligence providers because they provide valuable intelligence to our customers by offering deeper insights into their overall security posture. For example, we integrate with iSight’s ThreatScape® feed to allow critical indicators of compromise (IOCs) to quickly be ingested, extracted, and operationalized through automated historical lookups against network logs. The automated lookup process takes extracted IOCs from private threat feeds and open source blacklists and generates alerts against historical log data. This fusion of threat feed and network log data saves time and money, and ensures that organizations have insight into and knowledge of high threat activity on their networks. The IKANOW threat analytics platform also allows vulnerability and exploit information to easily be extracted from the ThreatScape® feed, enabling an easy analyst pivot into enterprise scan data. Valuable analytics are then performed to answer critical enterprise security questions such as “Who is exploiting a critical vulnerability?”, “How many hosts are affected by a critical vulnerability?” and “How much will it cost us to patch this critical vulnerability?” According to Troy Mattern, Deputy Head of Cyber Security & Head of Threat Intelligence at Zurich Insurance Group, “Data like this allows us to take the conversation away from theory and closer to reality. Concrete data drives action in a way ‘might’ or ‘could’ just does not.”
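The historical lookup described above can be sketched in a few lines of Python. This is an added illustration, not IKANOW's or iSight's code; the feed names, the log format, and every indicator (reserved `.example` domains and documentation IP ranges) are constructed for the example.

```python
import re

# Constructed feed entries (source name, free text); not real indicators.
FEED_REPORTS = [
    ("private-feed", "C2 at bad-domain[.]example and 203.0.113.45; "
                     "dropper at hxxp://files.evil-cdn[.]example/payload"),
    ("open-source-blacklist", "198.51.100.7\nBAD-DOMAIN.example\n"),
]
# Constructed historical proxy log: timestamp src_ip dest_host dest_ip
HISTORICAL_LOG = """\
2015-03-01T08:14:02 10.0.0.12 www.example.org 192.0.2.10
2015-03-02T11:40:51 10.0.0.31 bad-domain.example 203.0.113.45
2015-03-04T23:05:17 10.0.0.12 updates.notbad-domain.example 192.0.2.77
2015-03-05T02:19:44 10.0.0.58 cdn.files.evil-cdn.example 198.51.100.200
2015-03-06T09:00:00 10.0.0.31 mail.example.org 198.51.100.7
"""
REFANG = (("[.]", "."), ("hxxp", "http"))  # undo common defanging
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b")

def extract_iocs(reports):
    """Map each extracted indicator to the set of feeds that reported it."""
    iocs = {}
    for source, text in reports:
        text = text.lower()
        for old, new in REFANG:
            text = text.replace(old, new)
        for ind in IP_RE.findall(text) + DOMAIN_RE.findall(text):
            iocs.setdefault(ind, set()).add(source)
    return iocs

def retro_hunt(iocs, log_text):
    """Alert on past log lines whose destination matches an indicator."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, host, dest_ip = line.split()
        host = host.lower()
        for ind, feeds in iocs.items():
            # Exact IP/host match, or a subdomain of a listed domain.
            # Label-aware matching avoids substring false positives.
            if ind == dest_ip or host == ind or host.endswith("." + ind):
                alerts.append({"time": ts, "src": src, "indicator": ind,
                               "feeds": sorted(feeds)})
    return alerts

if __name__ == "__main__":
    for alert in retro_hunt(extract_iocs(FEED_REPORTS), HISTORICAL_LOG):
        print(alert)
```

Matching on domain labels rather than substrings keeps `updates.notbad-domain.example` from alerting on the `bad-domain.example` indicator, and recording which feeds reported each indicator lets an analyst weigh an alert by its sources.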
Responding to and anticipating cyber threats requires a specialized set of tools, infrastructure, and support. IKANOW offers a revolutionary way to equip security professionals with tools so they can actively recalibrate their security posture. By applying adaptable analytical techniques, these tools help mechanize the analysis and decision-making process, which results in lower cyber risks.
Over the next couple of weeks we are going to be posting a blog series diving deeper into cyber threat intelligence platforms and cyber threat analytics platforms as well as covering the importance of utilizing both to maximize your organization’s investments. At the end of the blog series, you’ll be able to download the series as an eBook.