Conduct Better and More Effective Investigations
Cybersecurity is an ongoing battle between sophisticated and well-funded bad actors and those who must defend corporate networks against their attacks. The bad news is that the latter are typically not winning. A recent Osterman Research survey found that while most organizations self-report that they are doing “well” or “very well” against ransomware and other types of malware infections, and at thwarting account takeovers, they are not doing well against just about every other type of threat. These include protecting data sought by attackers, preventing users from reaching malicious sites after they respond to a phishing message, eliminating business email compromise (BEC) attacks, eliminating phishing attempts before they reach end users, and preventing infections on mobile devices.
The missing component for most organizations is robust and actionable threat intelligence added to their existing security defenses. Good threat intelligence can enable security analysts, threat researchers and others to gain the upper hand in dealing with cyber criminals by giving them the information they need to better understand current and past attacks, and it can give them the tools they need to predict and thwart future attacks. Moreover, good threat intelligence can bolster existing security defenses like SIEMs and firewalls and make them more effective against attacks.
Key takeaways from this paper include:
- Security incidents are common: a recent Osterman Research survey found that more than four in five organizations reported one or more serious security incidents had occurred during the previous 12 months.
- While the average dwell time – the gap between infiltration and discovery of a threat – is shortening, it is still quite long, giving bad actors ample time to steal corporate data and financial assets.
- Existing security defenses provide some measure of protection against increasingly sophisticated threats, but the enormous number of data breaches and related problems experienced by many organizations reveals that current security practices are not adequate.
- Good threat intelligence capabilities can provide a great deal of information about the domains and IP addresses that are attempting to gain access to a network. They can enable threat researchers to better understand the source of current and past attacks and better deal with future attacks.