![\"\"](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2019\/12\/25074640\/Secure-future-logo_png.png\"){kind=logo}
\t\t\t\t<\/a>\n\t\t\t\t\t\tSTOP FIREFIGHTING<\/p>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
Make the right choices<\/span><\/h3>\n\t\t\t\t\t\t\t\t\t\t\t<\/header>\n\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\tHow to be smarter about cybersecurity procurement<\/p>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t
\n\t\t\t\t\tLearn how<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/article>\n\t\t<\/div>\n\t\nWhy you need threat intelligence<\/h2>\n
Threat intelligence is the overlay that turns seeing threats into knowing when and how to act. Gartner defines threat intelligence<\/a> as:
\n<\/p>Evidence-based knowledge \u2013 including context, mechanisms, indicators implications and actionable advice \u2013 about an existing or emerging menace or hazard to assets that can be used to inform decisions about how to respond.<\/p>\nRob McMillan<\/strong><\/p>Gartner Analyst<\/p><\/cite><\/blockquote>\n
I\u2019m not arguing with that.<\/p>\n
But no two battles against cyber-threats are quite the same. Using threat intelligence, you can join the dots between related attacks to pinpoint who your adversary is, then adjust your defense strategy to block them.<\/p>\n
Data suggests a \u2018threat pyramid\u2019<\/h2>\n
Every day, we face more threats. These range from everyday commodity threats \u2013 easily detected, known malware \u2013 to advanced threats and targeted attacks using known TTPs (tactics, techniques and procedures,)<\/a> and rare but deadly advanced persistent threats (APTs.)<\/a><\/p>\nThe data paints a picture known as the \u2018threat pyramid.\u2019 Almost all threats we see are mundane, like common malware. A small number are advanced threats and targeted attacks, like the banking trojan malware Emotet<\/a>, hitting small- and medium-sized businesses (SMBs) and enterprises hardest. A tiny number are APTs, affecting few organizations with devastating consequences. These are the most poisonous needles in the data stack.<\/p>\nYou need a strategy, not a platform<\/h2>\n
![\"Threat](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2019\/12\/25141817\/M068_Threat_intelligence_drive_SOCS_inline_v2-1024x768.jpg\")
\nGood threat intelligence is more than just buying a platform and hoping for the best. Like all effective cyber-prevention, it blends technology, strategy and effort. Good threat intelligence gives you the insight you can act on \u2013 from real-time alerts of a potential breach to helping paint a bigger picture that educates your senior stakeholders about the ongoing risks. This, in turn, indicates what software and investment you need to keep harm at bay.<\/p>\n
At the basic level, threat intelligence provides alerts and blocking for indicators of compromise (IOCs). Contextual alerts and e-signature management help determine the validity and severity of attacks to form your incident response approach. Another use case is fusion analysis, used by Kaspersky CyberTrace<\/a> \u2013 pulling together and evaluating disconnected data feeds to help identify which threats pose a danger.<\/p>\nAnd threat intelligence can inform your cybersecurity strategy too. By using intelligence relevant to your risk posture, security planning informs architecture decisions and helps you refine your security processes to better defend against known threats.<\/p>\n
If you\u2019re working with a managed service provider<\/a> (MSP) to run your security operations, ask how they\u2019ll install and run your threat intelligence service, and how much time and effort you\u2019re getting. Its round-the-clock nature means it\u2019s not the easiest service to outsource.<\/p>\nThreat intelligence\u2019s big three<\/h2>\n
When planning and buying your solution, there are more advanced threat intelligence options like human-readable threat hunting reports and threat attribution<\/a>, but to start, you\u2019ll need three components:<\/p>\nIOC (indicator of compromise)<\/h2>\n
IOC is the basis of threat intelligence. It\u2019s evidence we can measure and recognize like a fever is the outward sign of disease in the body. There are many IOC services. To choose the right one, you\u2019ll need to know which threats you\u2019re most likely to face.<\/p>\n
Threat data feeds<\/h2>\n
These provide integrated intelligence by analyzing adversaries and the wider threat landscape. There are many on the market, both free and paid. To choose the best one for you, ask: do we need an APT data feed if we\u2019re not a likely target for APT groups? Where is the best place in the IT infrastructure to add the feeds? Should we block threats or just alert the team? Your answers will depend on your organization\u2019s security posture and IT strategy.<\/p>\n
Threat intelligence platform<\/h2>\n
A threat intelligence platform lets you manage a range of specialist software that supports the different components. What you choose and how you integrate services comes down to your budget and business needs. Although there are open-source data feeds out there, you can buy more sector-specific intelligence. It\u2019s essential to drill down when you purchase threat intelligence services<\/a> to make sure the vendor provides a responsive service \u2013 both in the quality of data feeds and speed if they\u2019re providing incidence response.<\/p>\nWith careful planning, while choosing a vendor and a well-thought-out strategy, your SOC can benefit from the full protection and power of threat intelligence. The needles will still be in your data stack, but you\u2019ll have the tools to find and break them.<\/p>\n","protected":false},"excerpt":{"rendered":"
If data is the new oil, today we live in the aftermath of an oil spill. Among a million alerts, we need threat intelligence to find and prevent the most dangerous attacks.<\/p>\n","protected":false},"author":2536,"featured_media":31945,"template":"","coauthors":[3604],"class_list":{"0":"post-31944","1":"emagazine","2":"type-emagazine","3":"status-publish","4":"has-post-thumbnail","6":"emagazine-category-threat-intelligence","7":"emagazine-category-threat-intelligence-2020","8":"emagazine-tag-cyberattacks","9":"emagazine-tag-data","10":"emagazine-tag-malware"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/threat-intelligence-socs\/31944\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/secure-futures-magazine\/threat-intelligence-socs\/21835\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/secure-futures-magazine\/threat-intelligence-socs\/20162\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/secure-futures-magazine\/threat-intelligence-socs\/21435\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/secure-futures-magazine\/threat-intelligence-socs\/17009\/"}],"acf":[],"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine\/31944","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/emagazine"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2536"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/31945"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=31944"}],"wp:term":[{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/coauthors?post=31944"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
How to be smarter about cybersecurity procurement<\/p>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t
Why you need threat intelligence<\/h2>\n
Threat intelligence is the overlay that turns seeing threats into knowing when and how to act. Gartner defines threat intelligence<\/a> as: Evidence-based knowledge \u2013 including context, mechanisms, indicators implications and actionable advice \u2013 about an existing or emerging menace or hazard to assets that can be used to inform decisions about how to respond.<\/p>\n Rob McMillan<\/strong><\/p> Gartner Analyst<\/p><\/cite><\/blockquote>\n I\u2019m not arguing with that.<\/p>\n But no two battles against cyber-threats are quite the same. Using threat intelligence, you can join the dots between related attacks to pinpoint who your adversary is, then adjust your defense strategy to block them.<\/p>\n Every day, we face more threats. These range from everyday commodity threats \u2013 easily detected, known malware \u2013 to advanced threats and targeted attacks using known TTPs (tactics, techniques and procedures,)<\/a> and rare but deadly advanced persistent threats (APTs.)<\/a><\/p>\n The data paints a picture known as the \u2018threat pyramid.\u2019 Almost all threats we see are mundane, like common malware. A small number are advanced threats and targeted attacks, like the banking trojan malware Emotet<\/a>, hitting small- and medium-sized businesses (SMBs) and enterprises hardest. A tiny number are APTs, affecting few organizations with devastating consequences. These are the most poisonous needles in the data stack.<\/p>\n At the basic level, threat intelligence provides alerts and blocking for indicators of compromise (IOCs). Contextual alerts and e-signature management help determine the validity and severity of attacks to form your incident response approach. Another use case is fusion analysis, used by Kaspersky CyberTrace<\/a> \u2013 pulling together and evaluating disconnected data feeds to help identify which threats pose a danger.<\/p>\n And threat intelligence can inform your cybersecurity strategy too. By using intelligence relevant to your risk posture, security planning informs architecture decisions and helps you refine your security processes to better defend against known threats.<\/p>\n If you\u2019re working with a managed service provider<\/a> (MSP) to run your security operations, ask how they\u2019ll install and run your threat intelligence service, and how much time and effort you\u2019re getting. Its round-the-clock nature means it\u2019s not the easiest service to outsource.<\/p>\n When planning and buying your solution, there are more advanced threat intelligence options like human-readable threat hunting reports and threat attribution<\/a>, but to start, you\u2019ll need three components:<\/p>\n IOC is the basis of threat intelligence. It\u2019s evidence we can measure and recognize like a fever is the outward sign of disease in the body. There are many IOC services. To choose the right one, you\u2019ll need to know which threats you\u2019re most likely to face.<\/p>\n These provide integrated intelligence by analyzing adversaries and the wider threat landscape. There are many on the market, both free and paid. To choose the best one for you, ask: do we need an APT data feed if we\u2019re not a likely target for APT groups? Where is the best place in the IT infrastructure to add the feeds? Should we block threats or just alert the team? Your answers will depend on your organization\u2019s security posture and IT strategy.<\/p>\n A threat intelligence platform lets you manage a range of specialist software that supports the different components. What you choose and how you integrate services comes down to your budget and business needs. Although there are open-source data feeds out there, you can buy more sector-specific intelligence. It\u2019s essential to drill down when you purchase threat intelligence services<\/a> to make sure the vendor provides a responsive service \u2013 both in the quality of data feeds and speed if they\u2019re providing incidence response.<\/p>\n With careful planning, while choosing a vendor and a well-thought-out strategy, your SOC can benefit from the full protection and power of threat intelligence. The needles will still be in your data stack, but you\u2019ll have the tools to find and break them.<\/p>\n","protected":false},"excerpt":{"rendered":" If data is the new oil, today we live in the aftermath of an oil spill. Among a million alerts, we need threat intelligence to find and prevent the most dangerous attacks.<\/p>\n","protected":false},"author":2536,"featured_media":31945,"template":"","coauthors":[3604],"class_list":{"0":"post-31944","1":"emagazine","2":"type-emagazine","3":"status-publish","4":"has-post-thumbnail","6":"emagazine-category-threat-intelligence","7":"emagazine-category-threat-intelligence-2020","8":"emagazine-tag-cyberattacks","9":"emagazine-tag-data","10":"emagazine-tag-malware"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/threat-intelligence-socs\/31944\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/secure-futures-magazine\/threat-intelligence-socs\/21835\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/secure-futures-magazine\/threat-intelligence-socs\/20162\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/secure-futures-magazine\/threat-intelligence-socs\/21435\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/secure-futures-magazine\/threat-intelligence-socs\/17009\/"}],"acf":[],"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine\/31944","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/emagazine"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2536"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/31945"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=31944"}],"wp:term":[{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/coauthors?post=31944"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\n<\/p>Data suggests a \u2018threat pyramid\u2019<\/h2>\n
You need a strategy, not a platform<\/h2>\n
\nGood threat intelligence is more than just buying a platform and hoping for the best. Like all effective cyber-prevention, it blends technology, strategy and effort. Good threat intelligence gives you the insight you can act on \u2013 from real-time alerts of a potential breach to helping paint a bigger picture that educates your senior stakeholders about the ongoing risks. This, in turn, indicates what software and investment you need to keep harm at bay.<\/p>\nThreat intelligence\u2019s big three<\/h2>\n
IOC (indicator of compromise)<\/h2>\n
Threat data feeds<\/h2>\n
Threat intelligence platform<\/h2>\n