Cybersecurity Resources to Safeguard Your Network

Instrumentation for Proactive Defense

Written by Celerium Blogmeister | May 9, 2019 4:56:10 PM

Hey, CISOs, CTI Analysts, and Managers!

You probably know that using cyber threat intelligence effectively is a crucial part of your cyber defense strategy. But do you find dealing with data from multiple sources to be overwhelming? Does it seem like finding relevant intelligence is like trying to find a needle in the haystack? Are you unsure how to take action on that intelligence to mitigate risk?

This is exactly what we discussed in our latest BrightTALK webinar, led by Celerium™ Senior Solutions Engineer Michael Pepin (of Hail-a-Taxi and PickUpStix fame) and Vice President George Johnson. They discussed how instrumentation can help you use cyber threat intelligence proactively: not just “dealing” with threat data, but leveraging it to reduce cyber risk.

This BrightTALK webinar, which you can access here, focuses on a simple way you can connect the intelligence you receive from outside your organization with the intelligence generated by tools you’re already using, such as a firewall, to help mitigate cyber risk. While outside threat intelligence is important, it doesn’t help you unless you know what’s going on within your own network. First, you need to gather the data from the logs on your own network in a syslog aggregator. This helps you see changes in your network, but doesn’t tell you whether the changes are good or bad. That’s where outside threat information comes in.

There are three key sources of outside cyber threat intelligence.

  • Public and open-source feeds

Public feeds are low-cost or no-cost, and there is a lot of data available, but it tends to be broad and very victim-centric rather than industry-focused. These feeds tend to have a low degree of relevancy for most organizations.

  • Paid Threat Intelligence Feeds

Companies in this market sell intelligence they have gathered on their own. Because they want to sell to as wide a market as possible, the source casts a wide net, and the resulting data also tends to have a low degree of relevancy for most organizations.

  • Community Feeds, such as an ISAC

Sharing communities such as ISACs and ISAOs exist to promote intelligence sharing among similar organizations. The data in these community streams tends to be most relevant, because similar organizations face similar types of threats.

While you can access these sources with tools you may already be using, connecting each tool individually causes information chaos. Having a single threat communication platform streamlines your process and reduces your attack surface. By adding instrumentation, you can then use your outside cyber threat intelligence to tell you what changes on your network you need to worry about.

Attacks move at machine speed. Instrumenting your data empowers faster decisions, and in this case speed equals risk reduction. Once you have set up instrumentation in your environment, dealing with threats becomes a much faster process for your team. You can even create playbooks so your analysts are empowered to take immediate action when you are confident about certain attacks.
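As an added illustration (not code from the webinar or from Celerium's products), here is the correlation step described above in Python: firewall syslog lines from the aggregator are matched against indicators from the three feed types, hits are ranked by feed relevancy (community over paid over public), and a playbook action is chosen by that rank. The feed weights, indicator values and log lines are constructed for this example.

```python
"""Correlate aggregated firewall syslog lines against outside threat indicators.

Lines that match no indicator are dropped, which is the "which changes do I need
to worry about" filter; matches are ranked by how relevant their feed is.
"""
import re
from collections import namedtuple

# Relevancy weight per feed type: ordering from the post, numbers constructed.
FEED_WEIGHT = {"community": 3, "paid": 2, "public": 1}

# Constructed sample indicator feed: (indicator, feed_type, description).
INDICATORS = [
    ("203.0.113.45", "community", "ISAC-shared command-and-control address"),
    ("198.51.100.7", "paid", "vendor-reported scanner"),
    ("192.0.2.99", "public", "open-source blocklist entry"),
]

# Constructed sample syslog lines as a firewall might emit them (RFC 3164 style).
SYSLOG = """\
May  9 16:56:10 fw01 kernel: DROP IN=eth0 SRC=198.51.100.7 DST=10.0.0.5 PROTO=TCP DPT=22
May  9 16:56:12 fw01 kernel: ACCEPT OUT=eth0 SRC=10.0.0.8 DST=203.0.113.45 PROTO=TCP DPT=443
May  9 16:56:15 fw01 kernel: ACCEPT OUT=eth0 SRC=10.0.0.8 DST=10.0.0.1 PROTO=UDP DPT=53
May  9 16:56:20 fw01 kernel: DROP IN=eth0 SRC=192.0.2.99 DST=10.0.0.5 PROTO=TCP DPT=3389
"""

KV_RE = re.compile(r"(\w+)=(\S+)")
Hit = namedtuple("Hit", "weight feed indicator field line")


def parse_line(line):
    """Return the key=value fields of one firewall syslog line as a dict."""
    return dict(KV_RE.findall(line))


def correlate(syslog_text, indicators):
    """Match SRC/DST of every line against the indicator set; most relevant first."""
    index = {ioc: feed for ioc, feed, _desc in indicators}
    hits = []
    for line in syslog_text.splitlines():
        fields = parse_line(line)
        for field in ("SRC", "DST"):
            value = fields.get(field)
            if value in index:
                hits.append(Hit(FEED_WEIGHT[index[value]], index[value], value, field, line))
    return sorted(hits, key=lambda h: h.weight, reverse=True)


def playbook_action(hit):
    """Hypothetical playbook: act immediately only on the highest-confidence feed."""
    return "block" if hit.weight >= FEED_WEIGHT["community"] else "analyst-review"


if __name__ == "__main__":
    for h in correlate(SYSLOG, INDICATORS):
        print(f"[{h.feed:9}] {playbook_action(h):14} {h.field}={h.indicator}: {h.line}")
```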

Check out the webinar to see instrumentation in action!

In an age where much if not all of our business is conducted through cyberspace, it’s crucial that network security be maintained, especially for organizations that are part of our critical infrastructure. Malicious actors are not going away; they will continue to try new and creative ways to break through defenses. Sharing cyber threat intelligence and collaborating on its use for defensive actions is critical to staying one step ahead of adversaries and preventing attacks.

That’s where Celerium comes in. For more information, check out our solutions.