Threat intelligence is a critical organizational need

Cover story: Continuous threat intelligence collection, analysis, and optimization can help organizations improve cybersecurity measures.

04/13/2018


Cybersecurity managers face many challenges, with corporate boards demanding awareness of cyber risks, faster processing of complex data, and efficiently managed services for an increasing number of intelligent devices. Security teams are in a better position to defend their organizations against threats if they take the proper preventive measures. Tools and staff need to be augmented with threat intelligence.

Threat intelligence is no longer just for large, well-funded organizations. It is now a required component of the mitigation strategy for every business that operates within this evolving technological environment. Small businesses are able to access credible threat intelligence sources that can be based on an organization's profile and supply chain. Critical data that used to sit in a secured data center now moves across an increasingly complex ecosystem of networked environments, including the Industrial Internet of Things (IIoT), Internet of Things (IoT), cloud servers, virtualized environments, and mobile devices.

Cybersecurity and threat intelligence

The rate of change in some enterprise environments is so rapid that many organizations struggle to keep pace with the evolving nature of cyber threats or lack the ability to stay attuned to the threats that arise. To build an effective cybersecurity strategy, an organization needs to be aware of specific cyber threats and understand how those threats impact the organization.

Threat intelligence provides context, indicators, increased awareness, and actionable responses about current or emerging threats. It is designed to aid decision-making at an operational, tactical, or strategic level. Cyber adversaries are using more sophisticated tools, techniques, and procedures that evade stand-alone security plans. Organizations need an evidence-based, holistic view of the threat landscape and a proactive security posture to defend themselves from a wide array of potential threats.

The goal behind threat intelligence services is to give organizations the ability to become aware of, recognize, and act upon attack indicators and compromise scenarios in a timely manner, so they are better protected against zero-day threats, advanced persistent threats, and exploits. Security teams across the world are challenged to discover, analyze, and interpret the vast number of daily events to discover attacks. Security consortiums are leading efforts to automatically detect, contextualize, prioritize, perform forensic analysis on, and respond to incidents and to automate compliance, going beyond security information management to security threat intelligence.

Facility owners should define what they hope to achieve from threat intelligence, including:

  • Types of alerts needed
  • Vendor news
  • How intelligence is collected, reported and communicated to relevant stakeholders
  • Analysis process
  • How threat intelligence would be used.

Threat intelligence feed

The organization should first identify its needs through an internal assessment of its processes, infrastructure, requirements, ability to manage threat intelligence, and security posture. Customers should compare the data feeds and capabilities, alerts and reports, relative subscription prices, and support offered by providers.

Threat intelligence feeds are becoming a dominant intelligence-gathering method for organizations that are developing their threat intelligence capability. A major benefit of these feeds is that they combine intelligence into a single source that is easy to digest. The real-time nature of threat intelligence feeds is critical, especially when integrated with security information and event management (SIEM) platforms to allow for automatic comparisons of other feed entries.

Most organizations lack the resources and maturity in their security platforms to take advantage of threat intelligence feeds. To do so, the threat information should be evaluated against internal vulnerability assessments to allow for better prioritization of security controls.
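As an added illustration (not part of the original article), the Python sketch below evaluates feed entries against an internal vulnerability assessment to rank open findings. The feed names, asset names, field layout, placeholder vulnerability ids, and scoring weights are all assumptions constructed for this example.

```python
# Constructed sample data: entries from two hypothetical feeds.
# Vulnerability ids are placeholders, not real CVE numbers.
FEED = [
    {"source": "feed-a", "vuln_id": "VULN-0001", "exploited": True},
    {"source": "feed-b", "vuln_id": "VULN-0001", "exploited": True},
    {"source": "feed-a", "vuln_id": "VULN-0002", "exploited": False},
    {"source": "feed-b", "vuln_id": "VULN-0003", "exploited": True},
    {"source": "feed-b", "vuln_id": "VULN-0004", "exploited": True},
]

# Constructed internal vulnerability assessment: one row per finding.
ASSESSMENT = [
    {"asset": "hmi-01", "vuln_id": "VULN-0001", "criticality": 5, "patched": False},
    {"asset": "vpn-01", "vuln_id": "VULN-0002", "criticality": 4, "patched": False},
    {"asset": "plc-07", "vuln_id": "VULN-0004", "criticality": 5, "patched": True},
]

def prioritize(feed, assessment):
    """Rank open findings by feed evidence and asset criticality."""
    # Collapse duplicate reports so two feeds repeating one item count once.
    intel = {}
    for entry in feed:
        rec = intel.setdefault(entry["vuln_id"], {"sources": set(), "exploited": False})
        rec["sources"].add(entry["source"])
        rec["exploited"] |= entry["exploited"]
    ranked = []
    for finding in assessment:
        rec = intel.get(finding["vuln_id"])
        if rec is None or finding["patched"]:
            continue  # no intelligence on this finding, or already remediated
        # Assumed weighting: double the score if exploitation is reported,
        # plus one point for each additional corroborating feed.
        score = finding["criticality"] * (2 if rec["exploited"] else 1)
        score += len(rec["sources"]) - 1
        ranked.append({"asset": finding["asset"], "vuln_id": finding["vuln_id"],
                       "score": score, "sources": sorted(rec["sources"])})
    ranked.sort(key=lambda r: (-r["score"], r["asset"]))
    return ranked

def unmatched(feed, assessment):
    """Feed ids absent from the assessment: not applicable, or an inventory gap."""
    known = {f["vuln_id"] for f in assessment}
    return sorted({e["vuln_id"] for e in feed} - known)

if __name__ == "__main__":
    for row in prioritize(FEED, ASSESSMENT):
        print(row)
    print("no matching finding:", unmatched(FEED, ASSESSMENT))
```

Feed entries that match nothing in the assessment are returned separately, since they either do not apply to the environment or point to a gap in the asset inventory.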

A threat intelligence platform should prepare a defense for the organization. Combining threat intelligence capabilities with an organization's software, hardware, and policy defense strategy enhances the staff's ability to search for advanced attacks, profile atypical malware, and detect potential adversaries. Typical internal threat intelligence teams have been deployed and structured in a way that is costly, hands-on, and misaligned to the organization's security posture.

Customers should work with their provider to improve subscription offerings, selected offerings, technical indicator feeds for integration, specific summary reports on events and emerging cyber threats, and trends within the various business sectors, and ensure that the service is aligned to a long-term vision with integrated processes and business requirements.

Too few cybersecurity professionals, tools

The industry still has to address the growing shortage of skilled cybersecurity professionals, isolated security products, lack of integration with other devices and management tools, lack of funding, and inadequate correlation of threat data. Companies implementing programs must be mindful to avoid the typical failings, such as not integrating threat intelligence into the enterprise platform, consuming but not sharing data, letting manual processes become a burden, having no real-time data to provide security awareness, and lacking contextualized information.

In a global environment where cyber attacks are generated at a machine level, customers must ensure the identification, sharing, comprehension, and application of threat intelligence is as automated as possible. An automated platform allows for easy access to the intelligence and the ability to contextualize and prioritize attacks for immediate mitigation strategies. Effective intelligence assesses information from various sources and source types to create a better threat and risk picture for an organization.

The value to end customers is not the quantity of the various intelligence feeds, but the applicability of those feeds to their entire environment. The ability to customize dashboards and filters to continuously illustrate threats allows security teams to focus on threats that impact the organization. The threat intelligence market offers different types of information feeds that are not necessarily aligned to any industry or large manufacturer installed base. Though intelligence platforms must be recognized as a critical component to cybersecurity, organizations must define their high-level requirements, functional requirements, and visibility requirements.

Through continuous threat intelligence collection, analysis, and optimization, organizations can increase their protective measures and strengthen their security tools. Significant and beneficial trends for cybersecurity include:

  • Threat awareness has risen from 25% to 75% over the past 5 years. Companies have realized that cyber attackers had the advantage of knowing more about their networks than they did and are now becoming more proactive.
  • The percentage of organizations that have formalized in-house/outsourced teams to address threat intelligence has risen from 25% to 45% over the past two years.
  • The overall level of satisfaction with various threat intelligence elements that companies use is approximately 73%. This may be skewed as some may not understand what they are not receiving from other threat intelligence.

The industry also is making progress as data science and machine-learning models are delivering entirely new ways of looking at threats; this removes the dependency on having seen a threat previously in order to provide security. Data science and machine-learning models can evaluate traffic based on the collective knowledge of all internal and external threats seen previously to ascertain discrepancies that may become threats. According to recent research, including reports from Statista and IDC, global external threat intelligence services spending is expected to increase to over $1.6 billion by the end of 2018.

Anil Gosine is a global program manager at MG Strategy+, a CFE Media content partner. Edited by Emily Guenther, associate content manager, Control Engineering, CFE Media, eguenther@cfemedia.com.

MORE ANSWERS

KEYWORDS: Threat intelligence feeds, cybersecurity

The importance of threat intelligence feeds

Implementing a successful mitigation strategy against cyber attacks

Consider this:

How would implementing a threat intelligence feed improve your organization's defense against a cyber attack?


