Cyber threat analysis—learning about new and emerging threats and keeping your systems automatically updated to protect against them—is a critical component of any cybersecurity program. We talked to Jason Rebholz, Chief Information Security Officer of Corvus Insurance, about how cyber threat intelligence tools, like the NetDiligence eRiskHub® portal and Cyber Risk News Alert, can help organizations stay informed about how and where they need to improve their cybersecurity posture.
What is threat intelligence in cybersecurity and why is it important?
Cyber threat intelligence comes in many shapes and sizes. The most important types for any cybersecurity program include “finished intel” and Indicators of Compromise.
Finished intel is curated information on threat trends. Organizations should expect to receive information highlighting specific threats to their industry, high-level attack trends, and other sets of information that help guide a risk management program. The key to finished intel is that it helps organizations plan and prepare across their cybersecurity program.
Indicators of Compromise, or IOCs, are more tactical. They are specific bits of information on attacker tools such as file names, file hashes (a unique identifier of a file), IP addresses, and domain names. This information is meant to be fed into security technology to help you block known attacks.
How should organizations use cyber threat intelligence tools to their benefit?
Simply put, threat intelligence is about risk awareness. For many organizations, it is an investment that may not have a measurable return but which becomes an integral part of a security program as it matures.
Organizations should ensure that their security technology is receiving the latest threat intelligence to keep them safe. Many vendors of security technologies provide this as part of built-in services.
Additional investment in IOCs becomes a force multiplier in those cases. For finished intel, organizations can spot the incoming trends and adapt accordingly. This type of intel is best suited for companies that have a more mature security program and a dedicated Chief Information Security Officer.
Our own NetDiligence Cyber Risk News Alert keeps readers informed every month about new and emerging cybersecurity concerns. Where can users find additional cyber threat intel?
If you’re just starting out, security news publications are a great place to source information. This will build awareness of emerging attacks and techniques that threat actors are deploying. At the same time, turn to your existing security vendors to see what threat intel they provide, both in finished intelligence reports and IOCs.
From there, organizations can leverage open source threat intelligence feeds—these are free-to-use feeds that can be incorporated into your security technology. Popular options include Proofpoint’s emerging threat rules and AlienVault’s OTX threat feeds.
Lastly, organizations can explore paid threat intelligence solutions. When purchasing threat intelligence, it’s best to define your use cases and trial a variety of vendors to identify the one that will best support your business.
We would like to thank Jason for sharing this overview of how to leverage threat intelligence to improve defenses against cyber threats.