The Role of Intelligence in Network Defence
15 May 2014
The purpose of this white paper is to educate the reader on how threat intelligence can add substantial value to the security of a computer network as part of a wider cyber security strategy.
The paper deals with understanding intelligence requirements, risks to an organisation’s data, differentiating between threat intelligence vendors and implementing the intelligence feed to detect and investigate nefarious activity.
Intelligence differs from data and information substantially. Intelligence is assessed information; it highlights detail and allows the consumer to make tactical and strategic decisions in the context of the operating environment. Just as governments gather intelligence to better understand the threats and opportunities to the stability and security of a country, so too can organisations gather intelligence to help improve the security of their IT network and understanding of the threat landscape.
In order to consume intelligence effectively, an organisation should have an understanding of the activity on its network, the threat actors who will be targeting data on the network, and the gaps in network security which could be exploited by attackers. Only if the organisation has a developed view of what it is most worried about can it develop an effective intelligence strategy to address those requirements.
Threat intelligence is a key part of any comprehensive cyber security strategy, though it is in no way a panacea for targeted attacks. Understanding the malware and methodologies being used by attackers against organisations operating in the same sector allows for early identification of attacks and effective remediation, potentially limiting the damage done.
Threat intelligence feeds should also educate senior decision makers about the threat landscape, allowing for a better understanding of how attackers are targeting data, which data is most at risk and the range of measures which a responsible organisation should consider in order to safeguard that data. There are significant differences in what threat intelligence vendors provide in this area and organisations should consider whether the various offerings address their needs for intelligence on specific actors. There is a financial case for investing in threat intelligence to mitigate attacks or limit the damage caused by attacks through early identification of nefarious activity.
Targeted attacks are not solely an IT issue; they are a business risk. A cyber security strategy is essential if organisations are to understand the risks and threats to their data.