Tis The Season: Core Competencies of Threat Intelligence
Many vendors offer solutions delivering the “latest” in threat intelligence, but it’s important to look under the hood. The best threat intelligence is based in reality – meaning it’s current and given with full transparency. It takes a company with a certain skill set to get the most out of the attack field, and to do so, certain core competencies are required.
Threat Intelligence: Keep it Current
More information is good, but good information is better. What benefit is a threat feed if it catches emerging threats but fails to account for stale (but still relevant) vulnerabilities – like Log4j? While a year old (downright ancient for some exploits), Log4j has not lost much of its initial bite and is still affecting vulnerable systems.
Our proprietary threat feed, CINS (Collective Intelligence Network Security), has gathered the most recent attack data from each of our Sentinel devices out in the field for over a decade now. The diversity of threat environments protected by Sentinel worldwide enriches the quality of threat information, contributing to a comprehensive threat picture across different industries and geographies. This data is then aggregated to form a “CINS Score”, an overall rating of IP trustworthiness, which we then share back out with each unit in the Sentinel network. Combined with other well-respected threat feeds from outside of our network, the CINS score keeps each Sentinel device primed with the most relevant, to-the-minute attack data.
As a point of perspective, cyberattacks from Chinese IPs rose by 76% in the span of a few months this past year. Current threat intel is a core competency necessary to stay ahead of the latest attacks.
Best Relationships, Best Information
When you go in with a Threat Intelligence provider, you’re not only getting their data, you’re getting them: their customer service, their relationship-building skills, their company ethic, and their style of doing business. Make sure you like it.
While it may seem there are more “important” things to worry about, good relationships between threat intelligence providers and clients can actually be good for business. We have the honor of working with a large number of small, mid-size and large businesses whose trust we’ve worked to earn. As a consequence, they feel confident coming to us when something really serious hits the fan. We can investigate, report, and disseminate that threat data to better inform the rest of our customer base.
Establishing a relationship of trust with your provider can magnify the benefits of working with a managed threat intelligence team as they get to know you and your threat geography, and you become familiar with how they work. Over time, that partnership will run smoothly and enable you to act faster together while others are still dealing with the transitional lags of switching vendors (and beginning that process all over again). Find one you like and invest – the results will pay security dividends.
Staying Safe over the Holidays
As the year winds to a close, a new splash of threat awareness may be panic-inducing as cybersecurity professionals are hoping to spend some time off without incident. Fingers crossed. Prepare by making sure your threat intelligence feeds update automatically and automating anything that can take the security burden off your shoulders. Network detection and response has a lot of moving parts, but not all are equally important, so find a solution that can work autonomously to do the mundane tasks.
And this doesn’t just work for the holidays – why not make this the modus operandi year-round? Right before the start of a new year we all take stock of what went well (and didn’t) in the old one. If automating simple security tasks comes as a shock, or as a rather good idea for getting by over the break, consider how effective your team can be in the new year with a considerable security load off its plate.
That’s where a managed threat detection and response solution comes in. While you’re drinking cocoa by the fireplace, know that partners like Sentinel IPS can monitor your network 24/7/365 and run autonomous threat responses while you sip. Trust that you’ll get alerted to the most important events, and only those, as Sentinel’s Outpost blocks myriads of exploits before they have the chance to jam alert systems. And in a crisis, Sentinel devices (updated with to-the-minute threat intelligence feeds) will cloak your network from known exploits and send malware looking for the next low-hanging fruit. This is all done autonomously, giving your team the time to attend to weightier matters – like spending time relaxing or driving your next security strategy.
Small to medium-sized businesses can run the risk of spending the bulk of their security resources responding to threats and putting out fires. Larger companies have the time and resources to invest in forward-thinking projects like network detection and response, threat hunting, and long-term security strategy. Sentinel IPS is designed to bridge that gap and give SMBs affordable, attainable access to best-in-class response tools that work autonomously, just like the big guys. By creatively leveraging our CINS feed and positioning our Sentinel outside the firewall, we block threats at the source and hide your network from the rest, saving on large computational resources and using the core competencies of threat intelligence to level the playing field. Contact one of our experts at our 24/7 online Support Center if you want to learn more.
Ted has worked with network security and web technologies for almost 30 years, beginning his career as a full-stack web engineer and transitioning to network security. He now guides Nomic and its supporting initiatives, including CINS Active Threat Intelligence.