21Apr

Implementing a Threat Intel Program is Critical to Cybersecurity


Organizations today are under constant attack from cybercriminals, so developing an effective threat intel program is imperative to defending your organization. The recently published Consortium Networks CISO white paper, The Goal of Threat Intelligence, offers practical advice on the best way to set up your threat intel defense.

The basic steps begin with setting clear goals, so you can target the right data set from the vast amount of data available and avoid “over-analysis.” Next, gather input from both your technical and business teams to establish priorities. Then draw on the knowledge of all stakeholders to identify the threats, both perceived and actual, that currently exist.

It is important to find the right blend of data analysis and cybersecurity expertise. Combining that technical knowledge with business intelligence produces an analysis of the data that yields the best results.

Setting up a successful threat intel program requires establishing a repository to hold the data discovered in the fact-finding stage. You then need to document rules for classifying and organizing the gathered intel, and define how you will share updates, information, and other actionable communication.

As discussed in the CISO whitepaper, the key to an effective program is being able to deliver easy-to-understand, actionable intelligence to all relevant stakeholders, decision makers, and employees. An actionable threat intelligence program takes time, but it is never finished since it must be flexible enough to adapt to changes that arise. It’s important to keep the lines of communication open with everyone involved – vendors, peers, decision makers – to be able to correct any missteps that occur along the way.


Join Consortium Networks today to download the full white paper and to receive access to other valuable security technology content.


Intelligence Driven Security Programs
14Mar

Cyber Threat Intelligence is an important component of any effective security program. The rise in high-profile breaches in recent years has led to an increasingly complex and stringent compliance regime. Depending on your business vertical, you may already have some familiarity with the Payment Card Industry Data Security Standard (PCI DSS), the Health Insurance Portability and Accountability Act (HIPAA), the National Institute of Standards and Technology (NIST) Cybersecurity Framework, and NIST SP 800-53. The ultimate objective of all of these standards is to ensure the protection of the personal data held by our companies. Although building your security program around a particular compliance regime may ensure compliance with that regime, it may not provide the best security posture for your organization.

To be clear, I am not suggesting that compliance is unimportant or to be ignored. However, I am a proponent of intelligence-led security programs, as intelligence - not compliance - should drive your security program. Our overall objective should be to move from a reactive security posture to one that is predictive.

The first thing to understand is your organizational risk and threat profile. You must position your resources against the threats that matter to YOUR organization. To do this effectively, you must first understand what your threat landscape looks like and establish your organization's risk tolerance.

[Figure: Intelligence-Driven Security programs, chart 1]
The First Step to Establishing A Solid Foundation for Intelligence-Driven Security


A good friend once said (he says it all the time actually) “the first rule in cyber security is to know thyself.” To that end, you might consider your answers to the following questions:

  • What sector am I in? Am I considered "critical infrastructure"?
  • What are my business units, how are they interconnected?
  • What is my geographic footprint (the EU has a very different view of PII than we have in the US)?
  • Who are my partners?
  • Who are my customers?
  • What/where are my assets?
  • What is our threat history?
  • What data do I hold/process (customer data, HR data, business critical data, etc.)?

Once you have a firm understanding of your organizational risk, the next step is to understand your stakeholders and consumers. What are the roles of the consumers of your intelligence; what information is relevant for them? In what format and in what degree of frequency would they like to receive intelligence? What are the use cases for your consumers? Understanding the various use cases should allow you to tailor the intelligence for your customers, thereby increasing the value to your organization.

You must also establish your intelligence requirements.

Some questions to help establish requirements might include, but are not limited to, the following:

  • What intelligence is needed by our customer?
  • What vulnerabilities are being exploited in the wild?
  • Can we detect and defend against those exploits?

You must also establish collection requirements.

  • Liaison with like organizations within your business sector
  • Liaison with other members of the information security community
  • Open source feeds
  • Online forum monitoring where exploitation and vulnerabilities are discussed
  • Blog monitoring

Establishing requirements should allow for effective response to incidents. The intelligence must be categorized and prioritized in a way that allows for detection and response to the most critical information with the requisite speed and resources.

You must also develop sources (subscribed intelligence feeds, intelligence produced in-house, and/or intelligence provided by one of the many government entities) to maximize the intelligence value. Finally, establish the expected actions on the intelligence.

Implementing Practices for Intelligence-Driven Security Programs

Step two is developing best practices (methods) for managing the intelligence life cycle. That life cycle should include building an analytic framework, developing your analysts' tradecraft and expertise, collection and processing, developing relevant production standards, etc. Subsequently, or simultaneously, you must integrate intelligence into your technology stack. This could include feeds into your SIEM, content management system, anti-virus, endpoint technology, network traffic analysis tools, etc.
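The repository, classification rules and sharing rules described in the first post, and the prioritization and SIEM integration described in the two paragraphs above, can be sketched in a few dozen lines. The following is an added example written for this page, not code from the white paper or from Consortium Networks. It grades indicators with the Admiralty system (source reliability A-F, information credibility 1-6), decays their priority with age, weights each hit by the business criticality of the asset involved, and honours TLP labels when deciding who may be told. The numeric weights, the 180-day half-life, the asset criticality table, the log format, the approximation of TLP, and every indicator and log line are constructed assumptions for illustration.

```python
"""Minimal threat-intel repository, prioritisation and log matching.

Added example, not code from the white paper or the post. The grading weights,
decay half-life, asset criticality table, TLP approximation, log format and
every indicator and log line below are constructed assumptions.
"""
import re
from dataclasses import dataclass
from datetime import date

# Admiralty grading: source reliability A (reliable) .. E (unreliable), F = cannot be judged;
# information credibility 1 (confirmed) .. 5 (improbable), 6 = cannot be judged.
# The numeric weights are our own assumption.
RELIABILITY = {"A": 1.0, "B": 0.8, "C": 0.6, "D": 0.4, "E": 0.2, "F": 0.3}
CREDIBILITY = {1: 1.0, 2: 0.8, 3: 0.6, 4: 0.4, 5: 0.2, 6: 0.3}

# "Know thyself": how much each asset matters to the business (assumed values).
ASSET_CRITICALITY = {"db-prod-01": 1.0, "fin-ws-17": 0.8, "guest-wifi-42": 0.2}

# Approximation of TLP: the audiences each label permits (assumed, simplified).
TLP_AUDIENCES = {
    "RED": {"responders"},
    "AMBER": {"responders", "internal", "partners"},
    "GREEN": {"responders", "internal", "partners", "community"},
    "CLEAR": {"responders", "internal", "partners", "community", "public"},
}

TODAY = date(2017, 10, 11)   # fixed "now" so the example is reproducible


@dataclass(frozen=True)
class Indicator:
    value: str         # domain, IP address or file hash
    kind: str          # "domain" | "ip" | "sha256"
    source: str        # feed, ISAC liaison or in-house investigation
    reliability: str   # Admiralty source grade A-F
    credibility: int   # Admiralty information grade 1-6
    first_seen: date
    tlp: str           # who may be told about it


# Constructed repository; in practice a TIP (e.g. MISP) or a lookup table in the SIEM.
INDICATORS = [
    Indicator("update-check.example.net", "domain", "sector-isac", "B", 2, date(2017, 9, 20), "AMBER"),
    Indicator("203.0.113.77", "ip", "open-source-feed", "D", 4, date(2017, 3, 1), "CLEAR"),
    Indicator("cdn-assets.example.org", "domain", "in-house-ir", "A", 1, date(2017, 10, 1), "RED"),
]

# Constructed log format: <timestamp> <host> <dns|proxy> <destination>
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<kind>dns|proxy)\s+(?P<dest>\S+)$")
SAMPLE_LOGS = """\
2017-10-11T08:15:02Z db-prod-01 dns cdn-assets.example.org
2017-10-11T08:16:40Z guest-wifi-42 proxy 203.0.113.77
2017-10-11T08:17:11Z fin-ws-17 dns update-check.example.net
2017-10-11T08:18:00Z fin-ws-17 dns www.example.com
malformed line that the parser must skip
""".splitlines()


def score_indicator(ind: Indicator, today: date, half_life_days: int = 180) -> float:
    """Priority in 0..1: reliability x credibility, halved every half_life_days of age."""
    age = max(0, (today - ind.first_seen).days)
    return RELIABILITY[ind.reliability] * CREDIBILITY[ind.credibility] * 0.5 ** (age / half_life_days)


def can_share(ind: Indicator, audience: str) -> bool:
    """Does the indicator's TLP label permit telling this audience?"""
    return audience in TLP_AUDIENCES[ind.tlp]


def match_logs(lines, indicators, today: date):
    """Return alerts for log lines whose destination is a known indicator, highest priority first."""
    by_value = {ind.value: ind for ind in indicators}
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                      # unparseable line: skip, never crash the pipeline
        ind = by_value.get(m["dest"])
        if ind is None:
            continue
        criticality = ASSET_CRITICALITY.get(m["host"], 0.5)   # unknown asset: middle of the road
        alerts.append({
            "host": m["host"],
            "indicator": ind.value,
            "source": ind.source,
            "tlp": ind.tlp,
            "priority": round(score_indicator(ind, today) * criticality, 3),
        })
    alerts.sort(key=lambda a: a["priority"], reverse=True)
    return alerts


if __name__ == "__main__":
    for alert in match_logs(SAMPLE_LOGS, INDICATORS, TODAY):
        print(f"{alert['priority']:.3f} {alert['host']:<14} {alert['indicator']:<28} "
              f"TLP:{alert['tlp']} via {alert['source']}")
```

Run as-is, the confirmed in-house indicator hit on the production database host comes out first, the stale, low-confidence open-source IP seen from the guest network last, and the ordinary www.example.com lookup produces nothing. The same three levers (how much you trust the source, how old the intel is, how much the asset matters) are what a production SIEM rule or TIP scoring policy should express; the TLP check is what stops a RED indicator from being pushed into a shared feed.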

Realizing Capabilities

Given a strong foundation and well-developed practices, the payoff is the capabilities the program delivers. A mature intelligence program should provide a range of benefits to the enterprise, including:

  • Proactive threat detection
  • Effective and repeatable threat communications
  • Effective two-way information sharing
  • Threat trending and predictive analytics
  • Analytic and tactical support to security operations
  • Strategic decision support for the enterprise

I started this conversation with a statement that I believe in intelligence over compliance-driven security programs. Compliance does matter, but the fact is that you can do both at the same time. However, the intelligence-driven security model allows for the best opportunity to achieve a predictive security state.

[Figure: Intelligence-Driven Security programs, chart 2]


Get access to more content by becoming a member of Consortium today.


14, 2017

5 Fundamental Steps for Cyber Security


Every business connected to a network is a data-rich target for cybercriminals. “Ransomware,” a term rarely heard until a few years ago, is now a daily threat. IoT hacking, DDoS attacks, and insider threats are all a reality today as well, so the job of IT security teams is never complete. And as cyber threats and attack methods evolve, so must the way businesses think about IT security.

Michal Zanga, formerly of the Royal Bank of Scotland, stresses that having a cyber security policy document in place is the first step in protecting business data and other digital assets from malicious actors. “You have to start with a policy in place,” says Zanga, “and it has to be comprehensive across the organization.” But the policy is just that: a first step in a series of actions IT teams and businesses must commit to and stay on top of.

The white paper CISO Best Practices: The Starting Point for Cyber Security, available to members of Consortium, is based on the premise that, at some stage, every network will face attacks that expose flaws in the system. On top of building a stakeholder-approved policy document, the article covers four additional steps IT teams should take in order to be prepared for when the attack happens:

  • Assume you will be breached and develop a response plan.
  • Use external parties to test the system and obtain independent assessment data on how to strengthen your current and future security posture.
  • Address the internal and external channels, including those that may come from stakeholders and employees.
  • Plan ahead and institute a system for promptly addressing ongoing changes.

Join Consortium today to get access to the full article along with other information that will help keep your data, digital assets, and business brand secure.


07, 2017

Half Day Training Course: Cyber Security - Advanced Threat Hunting - Virginia


Wednesday, October 11 | 8:00am - 2:00pm EST
Venue: Hilton - Crystal City, VA


Security Operations Centers must evolve if they hope to hunt for and deal with sophisticated, fileless threats capable of evading standard security measures. The right combination of technology, intelligence and people is key to the team’s ability to detect, hunt and eliminate threats and immediately execute a cyber crisis response plan.

On October 11, join CrowdStrike and Consortium Networks for an intense adversary threat hunting program; learn the latest advanced adversary techniques and latest tradecraft. You will advance your threat hunting skills and methods and take your organization's ability to detect and hunt to the next level.

Through real-world examples and war stories, CrowdStrike's 24/7 Overwatch threat hunting team will show you new and existing techniques adversaries use, and the Response Team will then train you on how to hunt for those techniques.

Highlights:

  • You will learn about the latest real-world hacking techniques
  • You will leave knowing how to hunt for these techniques in your environment
  • Bring your own laptop, log into our cloud environment and hunt for threats yourself using your newly acquired skills
  • See a live red team/blue team exercise

Who Should Attend:

If you manage a Security Operations Center, or are a Security Analyst, Threat Intel Analyst or Incident Responder, this is an immersive and interactive training to hunt, identify and get ahead of your attackers before a mega-breach occurs.

Agenda:

8:00AM - 8:30AM

  • Breakfast is served

8:30AM - 10:30AM

  • Overwatch Threat Hunting - War stories from the trenches; what CrowdStrike sees from 51 billion endpoint events

10:30AM - 12:30PM

  • Training - How to hunt for new and existing adversaries

12:30PM - 2:00PM

  • Track the steps of a real pen-tester through a Red Team/Blue Team Exercise (working lunch)

2:00PM

  • Close


Register now and take your organization's ability to detect and hunt to the next level.




22, 2017

Half Day Training Course: Cyber Security - Advanced Threat Hunting


Thursday, September 21 | 8:30am - 2:00pm EST
Venue: The Westin Boston Waterfront, 425 Summer St. | Boston, MA 02210


On September 21, you're invited to join CrowdStrike and Consortium Networks for an intense adversary threat hunting program.

In this exclusive event, you'll learn the latest advanced adversary techniques and tradecraft and advance your threat hunting skills and methods.

Highlights:

  • You will learn about the latest real-world hacking techniques
  • You will leave knowing how to hunt for these techniques in your environment
  • Bring your own laptop, log into our cloud environment and hunt for threats yourself using your newly acquired skills
  • See a live red team/blue team exercise

Agenda:

8:00AM - 8:30AM

  • Breakfast is served

8:30AM - 10:30AM

  • Overwatch Threat Hunting - War stories from the trenches; what CrowdStrike sees from 51 billion endpoint events

10:30AM - 12:30PM

  • Training - How to hunt for new and existing adversaries

12:30PM - 2:00PM

  • Track the steps of a real pen-tester through a Red Team/Blue Team Exercise (working lunch)

2:00PM

  • Close


Register now and take your organization's ability to detect and hunt to the next level.

