Threat actors have hit almost every industry, pushing defenders toward a preventive security posture. Security intelligence is the Excalibur among security tools, and investing in cybersecurity intelligence shows a commitment to preventive security.
Cybersecurity intelligence aggregates actionable information on adversaries and their malicious activity, enabling stakeholders and defenders to reduce harm through informed decision making. A recent forecast by researchers suggests that the cybersecurity intelligence market will surpass $13 billion by 2025. That means an abundance of expensive data, which is often challenging to turn into actionable intelligence.
Cybersecurity intelligence inspires innovative, and expensive, ideas for identifying, prioritizing, and assessing critical threats. One such idea is the “Single Pane of Glass” (SPOG) for viewing enterprise threats. Powered by threat feeds, a SPOG offers real-time access to hundreds of sources, including deep and dark web sources. Without context, however, those feeds may not meet the organization’s needs. In this blog post, we discuss the thinking behind the SPOG and the threat feed, and how human intelligence analysts, acting as catalysts, can give decision-makers actionable intelligence.
What is a Single Pane of Glass?
The phrase Single Pane of Glass is familiar to security practitioners, to whom it means a centralized point of control. In the right circumstances, a SPOG can help produce actionable intelligence regardless of an analyst’s prior experience. Intelligence analysts use multiple security tools to collect indicators of compromise (IoCs), including IP addresses, domains, URLs, leaked credentials, and file hashes, delivered through channels called threat feeds. The result is a steady flow of data, but without any context. A SPOG becomes a game-changer when it provides single sign-on to, or a unified view of, the various security tools and threat feeds in use.
Intelligence analysts focused on protecting the financial services industry can feed a SPOG with threat feeds from the Financial Services Information Sharing and Analysis Center (FS-ISAC) and from Information Sharing and Analysis Organizations (ISAOs). Members of the FS-ISAC can coordinate on possible suspects and share information such as IoCs: what the cyberattacks targeted, who the attackers were, how they carried out the attack, and how to prepare for future attacks. Most ISACs and ISAOs are free or charge an annual fee based on revenue or total assets. After bringing in ISAC and ISAO feeds, analysts also gain access to services such as on-demand intelligence, where they can ask a security provider specific questions about emerging threats. Realizing the value of a SPOG and its features, however, still depends on human intelligence analysts designing the SPOG so that it produces relevant and actionable intelligence.
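The two paragraphs above describe the raw material of a SPOG: several feeds, each delivering IoCs of different kinds, with no context attached. The script below is an added illustration of the aggregation step, not eScan’s code and not the format of any FS-ISAC or ISAO feed. It classifies each feed line by indicator type, normalizes it so the same indicator from two feeds collapses to one entry, and keeps the provenance (which feeds reported it) so the unified view retains at least that much context. All feed names, indicators and the credential line are constructed placeholders.

```python
"""Aggregate indicators from several threat feeds into one de-duplicated view.

Added illustration for this post, not eScan's code or any ISAC/ISAO feed format.
The feed entries below are constructed samples; every indicator is a placeholder.
"""
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Hash lengths in hex characters (MD5, SHA-1, SHA-256).
_HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}
_HEX_RE = re.compile(r"^[0-9a-f]+$")
_DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$")


def classify_ioc(raw):
    """Return (ioc_type, normalized_value) for one feed entry, or None.

    The categories follow the post: IP addresses, domains, URLs, leaked
    credentials and file hashes. Values are lower-cased and stripped so the
    same indicator reported by two feeds collapses to one key.
    """
    value = raw.strip().lower()
    if not value:
        return None
    # Hashes: fixed-length hex strings.
    if _HEX_RE.match(value) and len(value) in _HASH_LENGTHS:
        return ("hash:" + _HASH_LENGTHS[len(value)], value)
    # Leaked credentials arrive as "user@domain:password"; keep the username
    # only, the secret itself has no place in a dashboard.
    if ":" in value and "@" in value.split(":", 1)[0] and "://" not in value:
        user = value.split(":", 1)[0]
        return ("credential", user)
    # URLs carry a scheme; normalize to scheme://host/path.
    if "://" in value:
        parts = urlsplit(value)
        if parts.scheme in ("http", "https") and parts.netloc:
            return ("url", f"{parts.scheme}://{parts.netloc}{parts.path or '/'}")
        return None
    # IP addresses (v4 or v6).
    try:
        return ("ip", str(ipaddress.ip_address(value)))
    except ValueError:
        pass
    if _DOMAIN_RE.match(value):
        return ("domain", value)
    return None


def aggregate(feeds):
    """Merge {feed_name: [raw indicators]} into one de-duplicated view.

    Each key is (type, value); the value is the set of feeds that reported
    it, so the single view keeps the provenance an analyst needs for context.
    """
    view = defaultdict(set)
    for feed_name, entries in feeds.items():
        for raw in entries:
            parsed = classify_ioc(raw)
            if parsed is None:
                continue  # unparseable line: skip rather than pollute the view
            view[parsed].add(feed_name)
    return dict(view)


def corroborated(view, min_feeds=2):
    """Indicators reported by at least `min_feeds` feeds, most-reported first."""
    hits = [(k, sorted(s)) for k, s in view.items() if len(s) >= min_feeds]
    return sorted(hits, key=lambda kv: (-len(kv[1]), kv[0]))


# Constructed sample feeds (placeholder values, not real IoCs).
SAMPLE_FEEDS = {
    "fs-isac-sample": [
        "198.51.100.23",
        "Malicious-Example.test",
        "http://malicious-example.test/login",
        "d41d8cd98f00b204e9800998ecf8427e",
    ],
    "isao-sample": [
        "198.51.100.23 ",
        "malicious-example.test",
        "jdoe@example.test:Summer2024!",
        "not an indicator",
    ],
    "darkweb-vendor-sample": [
        "JDOE@example.test:Summer2024!",
        "2001:db8::1",
    ],
}

if __name__ == "__main__":
    merged = aggregate(SAMPLE_FEEDS)
    for (ioc_type, value), sources in sorted(merged.items()):
        print(f"{ioc_type:12} {value:45} <- {', '.join(sorted(sources))}")
    print("seen in 2+ feeds:", [k for k, _ in corroborated(merged)])
```

Running the script shows why the post insists on context: the merged view is shorter than the sum of the feeds, and the `corroborated` list (indicators seen in two or more feeds) is the first thing an analyst would look at, whereas a dashboard that only concatenates feeds would show the same indicator three times with no hint of which source it came from.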
Situational Awareness versus Actionable Intelligence
Consider a Global Positioning System (GPS). For situational awareness, it is useful to know that I am in a moving vehicle; actionable intelligence is the GPS suggesting the fastest route to my destination. Filtered and analyzed intelligence therefore falls into two categories: actionable intelligence and intelligence for situational awareness.
It is fairly common for data vendors to share detailed reports of 50–60 leaked credentials from data breaches such as Anthem, Target, or Experian. Such data is accurate in most cases. An analyst, however, will ask whether the credential nomenclature matches the organization’s current policies for usernames and for password length and complexity. If it does, there is a problem with identity and access management, and the intelligence is actionable. The intelligence then drives remediation steps: force password resets, educate employees to prevent social engineering attacks, discourage password reuse, and advocate for two-factor authentication. If the leaked credentials do not match the organization’s policies, the intelligence is situational awareness: it was accurate at one time, but previous remediations have lowered the impact and the probability of exploitation by a threat actor.
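The triage rule in this paragraph (does the leaked credential match current policy, and has it already been remediated?) is concrete enough to automate for a batch report. The script below is an added example, not eScan’s code; the policy (a firstname.lastname naming scheme, a 12-character minimum, three character classes, and a date of the last organization-wide reset), the record format and the sample report are all constructed assumptions. It retains only whether a password satisfied policy, never the password itself, and returns the remediation steps the post lists only for records it deems actionable.

```python
"""Triage leaked-credential records as actionable or situational awareness.

Added illustration for this post, not eScan's code. The policy, the record
format and the sample records below are constructed assumptions.
"""
import re
from datetime import date

# Constructed organizational policy (assumed, not from the post).
POLICY = {
    "username_re": re.compile(r"^[a-z]+\.[a-z]+@corp\.example$"),
    "min_length": 12,
    "min_classes": 3,            # of: lower, upper, digit, symbol
    "last_forced_reset": date(2023, 6, 1),
}

# Remediation steps named in the post, applied only to actionable records.
ACTIONS = [
    "force password reset for the affected account",
    "educate the user about social engineering",
    "discourage password reuse across services",
    "enable two-factor authentication",
]


def password_classes(secret):
    """Count the character classes present; only the count is retained."""
    checks = (str.islower, str.isupper, str.isdigit,
              lambda c: not c.isalnum() and not c.isspace())
    return sum(any(check(c) for c in secret) for check in checks)


def triage(record, policy=POLICY):
    """Classify one leaked-credential record.

    record: {"username": str, "password": str, "leaked_on": date, "source": str}
    Returns (verdict, reasons, actions). A record is actionable when it could
    still be a valid credential under current policy and the leak post-dates
    the last remediation; otherwise it is situational awareness.
    """
    reasons = []
    if not policy["username_re"].match(record["username"].lower()):
        reasons.append("username does not match current naming scheme")
    secret = record["password"]
    if len(secret) < policy["min_length"]:
        reasons.append(f"password shorter than policy minimum ({policy['min_length']})")
    if password_classes(secret) < policy["min_classes"]:
        reasons.append("password lacks required character classes")
    if record["leaked_on"] < policy["last_forced_reset"]:
        reasons.append("leak predates last organization-wide reset")
    if reasons:
        return ("situational", reasons, [])
    return ("actionable", ["matches current policy; likely a live credential"], list(ACTIONS))


def summarize(records, policy=POLICY):
    """Batch triage; returns the usernames under each verdict."""
    out = {"actionable": [], "situational": []}
    for rec in records:
        verdict, _, _ = triage(rec, policy)
        out[verdict].append(rec["username"])
    return out


# Constructed sample vendor report (placeholder accounts and secrets).
SAMPLE_REPORT = [
    {"username": "jane.doe@corp.example", "password": "Winter-Flight-2024",
     "leaked_on": date(2024, 2, 10), "source": "vendor-feed-A"},
    {"username": "jdoe@corp.example", "password": "Pass1234",
     "leaked_on": date(2024, 2, 10), "source": "vendor-feed-A"},
    {"username": "john.roe@corp.example", "password": "Spring#Harbor22",
     "leaked_on": date(2022, 11, 3), "source": "vendor-feed-B"},
]

if __name__ == "__main__":
    for rec in SAMPLE_REPORT:
        verdict, reasons, actions = triage(rec)
        print(f"{rec['username']}: {verdict}")
        for r in reasons:
            print("   -", r)
        for a in actions:
            print("   ->", a)
```

Of the three constructed records, only the first is actionable: the second fails both the naming scheme and the length minimum (an old-format account), and the third matches policy but was leaked before the last forced reset, so it is exactly the "accurate at one time" case the paragraph describes. The reasons list is what the analyst hands to the decision-maker alongside the verdict.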
Threat Actors and Their Human Truth
The fact behind every security breach is the same: all threat actors have human motivations behind their malicious intent. They are thoughtful; they develop their identities, understand their strengths, weaknesses, and capabilities, and build threat actor communities. Intelligence should work on revealing their identities and motivations, providing the context that ensures the information is actionable and applies to the organization. As cybersecurity intelligence collection matures, the security posture transitions from reactive to preventive.
This just reminds us of one thing, to always invest in the human component of intelligence.
To read more, please check the eScan Blog.