Most business leaders know that they are responsible for cybersecurity and privacy threats, wherever and whenever they occur across their enterprise systems. To meet that responsibility, a real-time threat-intelligence and information-sharing program is needed.
The challenge? Threat management is a multifaceted, complex discipline that relies on multiple interconnected systems to gather, correlate and analyze threat information from disparate sources. A cloud-centric approach can help reduce complexities by combining analytics from multiple sources and solutions without compromising data security. The cloud model delivers computational power to monitor and analyze all digital interactions and create a unified repository of information to yield actionable intelligence.
A cloud-based threat-intelligence program can help defend against intrusions before they occur. Ultimately, this will help build competitive advantages by protecting customer data, business assets and brand reputation.
Many organizations are proactively adopting or updating key technologies that are essential to gathering and analyzing threat intelligence. Few capabilities are more fundamental to proactive threat intelligence than real-time monitoring and analytics. This year, more than half of respondents say they actively monitor and analyze threat intelligence to help detect risks and incidents.
These technologies provide contextual awareness of threats and an understanding of the tactics, techniques and procedures of adversaries. When analytics and threat intelligence are synthesized in the cloud, it becomes possible to create a single source of enterprise-wide data.
Another trend lies in adaptive authentication. As IT systems capture increasingly more information, businesses are starting to leverage additional data points to identify suspicious behaviors and patterns. Adaptive authentication uses data such as the user’s login time and location, patterns of access and type of device to detect aberrant activity.
There is no off-the-shelf solution for adaptive authorization. Instead, it combines existing tools such as security information and event management (SIEM) to create a risk profile.
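The sketch below is an added example, not code from the original article or any product. It shows how the signals named above (login time, location, device type) can be combined into a risk profile that drives an allow, step-up or deny decision. The login history, weights and thresholds are constructed assumptions, and access-pattern signals are left out to keep it short; in practice the history would come from SIEM data.

```python
from collections import Counter
from datetime import datetime

# Constructed login history for one user: (timestamp, country, device type).
HISTORY = [
    ("2024-03-04T08:55", "US", "laptop"), ("2024-03-05T09:02", "US", "laptop"),
    ("2024-03-06T09:10", "US", "phone"), ("2024-03-07T08:47", "US", "laptop"),
    ("2024-03-08T09:30", "US", "laptop"), ("2024-03-11T10:05", "US", "laptop"),
    ("2024-03-12T09:15", "US", "phone"), ("2024-03-13T08:58", "US", "laptop"),
]

# Assumed weights: an unfamiliar location counts more than an unusual hour.
WEIGHTS = {"hour": 0.2, "country": 0.5, "device": 0.3}

def build_profile(history):
    """Summarize past logins into per-signal frequency tables."""
    profile = {"hour": Counter(), "country": Counter(),
               "device": Counter(), "total": len(history)}
    for ts, country, device in history:
        profile["hour"][datetime.fromisoformat(ts).hour] += 1
        profile["country"][country] += 1
        profile["device"][device] += 1
    return profile

def risk_score(profile, ts, country, device):
    """Return 0.0 (matches the baseline) to 1.0 (every signal unseen)."""
    total = max(profile["total"], 1)  # avoid dividing by zero on an empty profile
    hour = datetime.fromisoformat(ts).hour
    seen = {
        # Logins within one hour of a previously seen hour count as familiar.
        "hour": sum(profile["hour"][(hour + d) % 24] for d in (-1, 0, 1)),
        "country": profile["country"][country],
        "device": profile["device"][device],
    }
    # Rarity of each signal is 1 minus its share of past logins.
    return round(sum(w * (1 - seen[k] / total) for k, w in WEIGHTS.items()), 3)

def decide(profile, ts, country, device, step_up=0.3, deny=0.7):
    """Map the score to an action; thresholds are assumed values."""
    if profile["total"] == 0:
        return "step_up"  # cold start: no baseline, so ask for a second factor
    score = risk_score(profile, ts, country, device)
    if score >= deny:
        return "deny"
    return "step_up" if score >= step_up else "allow"

if __name__ == "__main__":
    p = build_profile(HISTORY)
    for attempt in [("2024-03-14T09:10", "US", "laptop"),
                    ("2024-03-14T22:30", "US", "phone"),
                    ("2024-03-14T03:00", "RO", "desktop")]:
        print(attempt, risk_score(p, *attempt), decide(p, *attempt))
```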
As cyberthreats become increasingly sophisticated, many organizations are sharing critical threat intelligence with business peers, industry groups and government agencies to collectively advance cybersecurity intelligence and capabilities.
Information sharing can provide actionable intelligence that enables organizations to gain visibility into their most relevant risks and more quickly detect and respond to incidents. To be truly effective, the information-sharing system should be able to ingest data, analyze activity, classify and validate threats, and push alerts—all in real time. It should also deliver contextual information about how threats impact an organization’s specific environment.
As with any new platform that aims to be interoperable with multiple disparate systems, data types and external organizations, there are considerable challenges. Chief among them is a lack of a unified framework for information sharing.
“Information sharing programs really began to ramp up in 2016. Various business groups, state and local organizations as well as very sophisticated industry groups rallied in extraordinary ways to share threat information with one another and solve this problem together.”