
TIPs To Protect Your Cyber Environment


By: Nihad Hassan

September 27, 2021

Cyberattacks are increasing in both sophistication and number. No organization is immune; organizations of all sizes and across all industries are targeted. In recent times, cyberattacks have skyrocketed at an unprecedented rate. As most organizations were forced to adopt the work-from-home model, cybercriminals exploited this shift and boosted their attacks against corporate networks and employees' endpoint devices.

According to Cybersecurity Ventures, global cybercrime costs are expected to reach $10 trillion annually by 2025. The same report predicts a significant increase in ransomware attacks, reaching one attack against a business every 11 seconds in 2021.

Since the beginning of 2021, cyberattacks have dominated the news headlines, ransomware attacks have spiked, and the digital world has witnessed several sophisticated attacks against high-profile targets. One example, the Colonial Pipeline ransomware attack, led to the shutdown of the pipeline system responsible for delivering gasoline, diesel, and jet fuel supplies to the entire U.S. East Coast. Another major cyberattack that took place recently was the attack against JBS, considered the largest beef supplier globally. The company was forced to pay $11 million to cybercriminals to unlock its "hostage" computer systems.

To counter the ever-increasing number of cyberattacks, organizations worldwide are installing different security solutions, such as firewalls, IDS/IPS, SIEM, and DLP. However, adversaries still find methods to infiltrate IT systems and gain a foothold despite all these security measures. Having an intelligence capability becomes crucial to stopping and mitigating cyberattacks before they arrive at our doorstep, and this is what Cyber Threat Intelligence does.

This article will discuss the top three cyber threat intelligence platforms used by organizations to predict and discover cyber threats and other indicators of compromise before they turn into a direct threat against an organization's IT systems and networks. However, before we begin, let us briefly define "Cyber Threat Intelligence" and mention its primary sources. After that, we will talk about how threat intelligence platforms (TIPs) help security professionals organize and process threat data collected from various sources using one unified platform.

What is Cyber Threat Intelligence (CTI)?

CTI is the sum of threat information collected from various public and commercial sources and used by security experts to discover and predict ongoing (e.g., APT attacks) and future cyberattacks before they occur. CTI helps an organization discover potential adversaries, their motivations, preferred attack techniques and tools, supporters, attack plans, and the indicators of compromise relevant to the organization, among other things, so that it can better prepare its security defenses to halt such attacks.

Threat data can be obtained from a variety of sources, both public and commercial.

  • Public sources – official government agencies and other non-profit initiatives that offer their threat data at no cost. They should be your first place to go when collecting threat data. Examples include the FBI and the SANS Internet Storm Center.

  • Commercial sources – private organizations that offer threat data for a fee. Commercial cyber threat information providers have broad access to threat information and should be considered when setting up your organization's cyber threat intelligence strategy. Examples of commercial providers include FireEye and AT&T.

  • IT vendors – every organization buys its IT equipment and related services from one or more vendors. These companies run their own cyber threat intelligence feeds that disclose vulnerabilities in their products and alert their clients to fix or update the affected systems to close the security hole. Registering for such a feed is commonly free for customers.

Now that we have an understanding of CTI and its main data sources, the next section will define the term "Threat Intelligence Platform" and mention the three most prominent platforms.

What is a Threat Intelligence Platform (TIP)?

When collecting threat data, an organization will need to use many tools and techniques. Techniques such as Open Source Intelligence (OSINT) and Social Media Intelligence (SOCMINT) harvest threat data from different data sources located in different web layers (surface, deep, and darknet). A TIP helps organizations utilize these various cybersecurity tools in one solution or environment. A TIP is composed of many tools and services that aid organizations in searching and aggregating threat data from various sources and organizing it quickly and accurately to support security experts' intelligence needs.

A TIP shifts security experts' work from collecting threat data to analyzing the collected data and acting upon it to protect the IT environment; this boosts productivity by letting experts focus on analyzing the potential security threats in the harvested data. Without a TIP solution, CTI analysts have to collect threat data from many different sources manually and then combine and correlate it to get useful insight into future threats. TIP solutions also facilitate sharing threat data instantly between different security teams; this increases their efficiency and lowers the time needed to conduct the analysis.

A TIP comes in two forms: a cloud service or an on-premises deployment. A TIP can also be combined with existing security solutions such as a SIEM and a Next-Generation Firewall (NGFW).
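The aggregation and correlation work that the "Threat Intelligence Platform" section describes, and the public/commercial feed split from the CTI sources list, as an added example that is not code from the original article or from any of the vendors discussed. The two feeds, their field names, and the proxy/firewall log lines are all constructed sample data; the default confidence of 50 for the free feed is an assumption.

```python
import json
import re
from collections import defaultdict

# Constructed feeds in two different formats: a free "public" CSV feed and
# a paid "commercial" JSON feed. Values are documentation ranges, not real IoCs.
PUBLIC_FEED_CSV = """\
# type,value,description
ip,203.0.113.45,scanning host
domain,bad-updates.example,malware download
ip,198.51.100.7,c2 beacon
"""
COMMERCIAL_FEED_JSON = json.dumps({"indicators": [
    {"kind": "ipv4", "indicator": "198.51.100.7", "confidence": 90},
    {"kind": "domain", "indicator": "BAD-UPDATES.example", "confidence": 75},
    {"kind": "sha256", "indicator": "a" * 64, "confidence": 95},
]})
# Constructed proxy/firewall log lines to correlate the merged indicators against.
LOG_LINES = [
    "2021-09-27T10:01:02Z proxy src=10.0.0.12 host=bad-updates.example GET /setup.exe",
    "2021-09-27T10:01:09Z fw src=10.0.0.12 dst=198.51.100.7 dport=443 allow",
    "2021-09-27T10:02:30Z fw src=10.0.0.33 dst=192.0.2.10 dport=80 allow",
]

def normalize_type(t):
    """Map each feed's own type names onto one shared vocabulary."""
    return {"ip": "ipv4", "ipv4": "ipv4", "domain": "domain", "sha256": "sha256"}[t]

def aggregate(public_csv, commercial_json):
    """Merge both feeds into {(type, value): {sources, confidence}}, deduplicated."""
    merged = defaultdict(lambda: {"sources": set(), "confidence": 0})
    for line in public_csv.splitlines():
        if not line or line.startswith("#"):  # skip header/comment lines
            continue
        t, value, _desc = line.split(",", 2)
        entry = merged[(normalize_type(t), value.lower())]
        entry["sources"].add("public")
        entry["confidence"] = max(entry["confidence"], 50)  # assumed default for a free feed
    for item in json.loads(commercial_json)["indicators"]:
        entry = merged[(normalize_type(item["kind"]), item["indicator"].lower())]
        entry["sources"].add("commercial")
        entry["confidence"] = max(entry["confidence"], item["confidence"])
    return dict(merged)

IOC_RE = re.compile(r"(?:host|dst)=([A-Za-z0-9.-]+)")  # only destination fields

def correlate(indicators, log_lines):
    """Return (log line, indicator, sorted sources, confidence) for every hit."""
    by_value = {value: (t, meta) for (t, value), meta in indicators.items()}
    hits = []
    for line in log_lines:
        for value in IOC_RE.findall(line):
            if value.lower() in by_value:
                _t, meta = by_value[value.lower()]
                hits.append((line, value.lower(), sorted(meta["sources"]), meta["confidence"]))
    return hits
```

An indicator seen in both feeds keeps both source labels and the higher confidence, which is what lets an analyst rank a hit without re-reading each feed by hand.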

Top Three TIP solutions

Authentic8

Silo is an Authentic8 threat intelligence platform. It is a web isolation platform that facilitates conducting many threat intelligence-related tasks. Silo provides the following key functions for threat intelligence experts:

  • Allow anonymous web investigations by anonymizing the researcher's identity. Silo facilitates searching the surface, deep, and darknet while defeating traditional tracking techniques such as IP tracking and digital footprinting. This anonymizing feature allows researchers to track adversaries across the web without leaking their own or the investigating entity's real identity.

  • Isolate researchers' devices and applications from online threats. Hence, a researcher can execute untrusted code and applications and access malicious sites within Silo's trusted, isolated environment without risking infecting their device, network, or environment with web-borne threats.

  • Facilitate intelligence gathering from publicly available information (OSINT searching); Silo allows researchers to preserve the chain of custody and integrity of the collected digital evidence while navigating surface, deep, and darknet sources.

  • Facilitate sharing threat information between researchers in multiple locations; Silo supports remote work and allows secure access to remote resources from managed and unmanaged devices.

AT&T Unified Security Management (USM) platform

AT&T USM (AlienVault USM) provides a unified platform for continuous security monitoring, incident response automation, and compliance management (e.g., GDPR and HIPAA). It is a cloud-based service provided under different subscription models. The following lists its main features:

  • Continually receive the latest threat intelligence feed from the AT&T Alien Labs research team to remain updated on the most current emerging threats.

  • Monitor both cloud assets and on-premise environments.

  • Equipped with a strong Intrusion Detection System (IDS).

  • Provides a centralized location to monitor and manage all device logs across the enterprise environment – such as servers, endpoint devices, network equipment, and related security solutions such as firewalls, IDS, IPS, and SIEM.

  • Supports a wide variety of operating systems and devices.

  • Easy to navigate user interface.

  • Easy to set up and comes pre-configured with the required tools to begin your threat detection activities instantly.

Falcon X: Cyber Threat Intelligence

The Falcon X platform provides actionable intelligence on all types of cyber threats facing your organization. Falcon X comes in three tiers: Falcon X, Falcon X Premium, and Falcon X Elite. The Premium and Elite tiers come with the richest threat intelligence feature sets.

The following list mentions the main features of the Falcon X platform:

  • Perform an in-depth search of all web layers (surface, deep, and darknet) to identify potential adversaries' activities and reveal their attack plans against your organization.

  • Integrate YARA and SNORT rules for maximum network and file threat detection.

  • World-class experts support real-time alerting on sophisticated cyberattacks, such as those backed by nation-states and other organized criminal groups.

  • Provide a real-time global indicator-of-compromise feed.

  • Provide intelligence reports briefing the general landscape of global cyber threats, major adversary groups, and their attack tools and techniques.

  • Provide custom intelligence reports based on client requests.

Summary

As digital transformation accelerates, the amount of digital data is increasing at an explosive rate, and with it the volume of data that needs to be investigated for threat intelligence. In the past, security experts used different cybersecurity tools to capture and analyze threat data manually. However, this practice is no longer practical because of the massive amount of data that needs to be investigated.

A threat intelligence platform is created to solve this problem by automatically collecting threat data from various sources and then categorizing and analyzing it so that it is easy for security experts to digest. A TIP also provides many other functions, such as continual monitoring of the organization's IT environment, both on-premises and in the cloud.
