Know your enemy - cyber threat intel crucial

27 Jul 15

Managing cyber security on the internet poses a significant challenge for organisations, because the internet was never designed to be secure. 

That's according to BAE Systems Applied Intelligence, which says new frameworks are needed to address cyber space’s unique characteristics and environments.

The security firm says cyber threat intelligence has emerged as a vital approach to designing an effective security regime. 

Dr Malcolm Shore, technical director, BAE Systems Applied Intelligence, says IT can no longer be protected by implementing a standard set of security controls. 

“It is sobering to realise that the most prevalent security controls standard was originally developed in the early 1990s - 25 years ago and prior to the internet as we know it," Shore says. "Given the changes that have occurred since then, it’s no surprise that these controls are no longer adequate.”  

“There needs to be much more emphasis on the new approaches such as the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework if we’re to keep pace with our adversaries,” says Shore.

He says because cyber space is increasingly looking like a battlefield, cyber threat intelligence is vital to designing an effective security regime. "This means knowing who is attacking you, what their motives are, and how they execute their attacks," Shore explains.

The value of cyber threat intelligence lies in its ability to change an organisation’s posture from being reactive, responding to attacks when it’s breached, to being proactive, where cyber security defences are tuned to expect and deflect attacks.   

Shore explains that cyber threat intelligence comes in two forms: operational and strategic. "Operational intelligence consists of data that can be used to configure cyber defence equipment such as intrusion detection devices," he says. "Strategic intelligence is defined as knowing and understanding the potential threats and how they may affect the organisation.

"Both are essential for delivering effective protection," adds Shore.

Organisations can start to understand their adversaries by mapping the adversaries’ past activities and capabilities, historical and current affiliations, their readiness and objectives, and future ambitions. "This lets companies set informed priorities for cyber defence investments, and respond faster and more effectively in the event of an incident," Shore explains.  

“Cyber attacks are rarely carried out without clear motivation or as a single action, so one of the key goals of threat intelligence is to anticipate them,” he says. 

“To successfully defend against contemporary attacks requires a focus on new areas of cyber security including threat intelligence.” 
