The premise of threat intelligence is simple: feed information on evil stuff to your security infrastructure and proactively protect yourself. Who wouldn’t want to do this?
How can you make threat intelligence work for you?
Predicting and preempting an attack before it begins is a defensive capability all organisations aspire to. Threat intelligence makes this possible. Unfortunately, different approaches vary in how ‘intelligent’ they are.
Threat intelligence is a hot cybersecurity buzzword — many solutions purport to offer actionable intel to block attacks before they cause damage, but do they really deliver?
Most intelligence is some version of ‘block these IPs / malware hashes / C&C domains because they did something nasty to someone, somewhere, at some point in time’. This is neither relevant nor actionable, but it feels like something proactive has been accomplished. Unfortunately, sophisticated attackers rarely, if ever, re-use their source IP addresses, command and control channels and malicious software.
A far better approach is for organisations to build their own private threat intelligence: information on threat actors that is relevant to you specifically. There may be far fewer indicators, but they are of much higher quality, and it is far more likely that they will be used in an actual attack. However, developing this capability was extremely difficult, until now, with private threat intelligence generated by Smokescreen’s deception technology.