Threat Intel Tools Take Enterprises Away From ‘Reactive’ Posture

CISOs Deploying Tech To Streamline Efforts All Around

Dan Gunderman

Cyber security tools have come a long way. Embracing the changing tides of automation, they’ve become force multipliers rather than reactive tools, and are helping Chief Information Security Officers (CISOs) cut down on response time. The ultimate goal: to bolster overall security and strive for real-time response.

In order to reach those marks, solutions have advanced, but so have the security teams that administer them. It is a holistic approach that yields measurable results in the security operations center (SOC): a fine balance between human intuition and advanced security tools (threat detection, identity and access controls, etc.).

Today, many CISOs – and those with similar titles – are basing crucial security decisions on the intelligence that comes from their various platforms and dashboards. That is to say, threat intelligence has taken on a whole new meaning within the enterprise.

Not only do CISOs have to grasp the diversified threats to their respective networks, but they have to justify decisions to the rest of the C-Suite and/or board. So, auto-generated data that does some of that justification is an integral puzzle piece for the larger organization (and helpful in moving it forward).

Effective threat intelligence tools in the enterprise can transition the SOC from reactive to proactive and wholly responsive. This is especially true for CISOs charged with “guarding” sensitive data – proprietary information, financial and/or health records, etc.

Threat Intel: Shapes & Sizes

Commenting on threat intelligence’s new or changing format, Doug Cahill, Senior Analyst and Group Director, ESG Global Research, told the Cyber Security Hub: “Because static threat intelligence such as lists of known bad file hashes, domains and IP have a limited shelf life, threat intel needs to be actionable by being timely and relevant to a particular industry, and ideally to a specific organization since so many attacks are targeted.”

Cahill said that in order to meet this requirement, “threat intel services are now expanding to include characteristics of attack chains employed by adversaries and thus more broadly applicable. For specificity we can start to think about recon services as a form of threat intel for a particular organization. And cyber security vendors are now also leveraging their corpuses of threat intelligence data to train machine learning algorithms to detect and prevent new and unknown threats.”


New York City CISO, Geoff Brown, said at the Cyber Threat Intelligence Forum that the digital intel is “absolutely critical.” Brown was chosen to lead the city’s Cyber Command in 2017 by Mayor Bill de Blasio.

According to StateScoop, Brown said that he’s currently using technology to craft workable threat intelligence across his IT environment. Resulting analysis then factors into his decision making.

In a video interview, Brown said, “I think understanding threat intelligence from a good analytical perspective, and the work a good analyst can do, allows someone like myself who has executive responsibilities, to explain why we are investing in improvements in certain areas that might cover critical services.”

Brown indicated that today’s technical tools are being used to detect anomalous behavior, which results in more informed leadership. Seeing the threats, or risks, laid out before them, executives are able to prioritize and make sound decisions.

The New York City CISO said threat intelligence capabilities allow him to highlight threats based on what’s occurring “in the wild,” and to understand their anatomy. As such, operations could see a boost in productivity.

CISOs like Brown can take the insight that threat intelligence platforms provide and multiply its effect across the wider business, allowing for a more streamlined approach. The timeworn concept of reactive security protocols simply pales in comparison to near-real-time analysis.

While Brown said the traditional analyst approach is warranted – in fostering maturation over time – it is threat intelligence that “allows you to have a high degree of confidence…that a bad behavior is bad enough that it should be contained automatically at the speed of the attack.”

'Missing Threats'

In a recent column for AFCEA, John Kupcinski, Director of KPMG’s Federal Cyber Security Group, explained the upside of threat intelligence, using federal agencies as a reference. He wrote: “While analyzing data can provide organizations with deeper insights and enhanced understanding, pairing it with cyber threat intelligence (CTI) can help assure agencies don’t miss potential threats.”

He continued: “CTI can be a great asset in analyzing user behavior data, vulnerability data, social media activity, web activity, third-party risk, monitoring of persistent threats, cyber-crime and more.”

“By employing CTI,” he wrote, “agency management moves to a proactive cyber defense posture rather than reacting to sudden breakdowns.”

Whether it is a municipal government, federal agency, large enterprise or small or midsize enterprise (SME), threat intelligence tools help cyber security practitioners augment their day-to-day duties and facilitate progress within their respective organizations. To ignore them is to remain affixed to a bygone cyber-era.
