Cyberthreat intelligence is a hot topic right now in the security arena. It’s a natural progression of the big data analytics buzz, so why not take the same ideas and apply them to cybersecurity? By mining data, from inside and outside the business, a new level of insight is possible.
That’s the theory anyway. For a business with no experience in big data or cyberthreat intelligence, the leap might seem mildly daunting. James Chappell is chief technology officer at threat intelligence specialist Digital Shadows. Speaking at Interop London, he gave some handy hints on how businesses could begin to use intelligence to regain the upper hand.
“I think it’s fair to say that most companies already do cyberthreat intelligence in one form or another,” Chappell said. “But we’ve got much more effective at sharing, and we are doing it in a way never done before. We used to share by going to meetings with our peers but now we are doing it on a machine-to-machine basis.”
“We can also use compute resources at scale in ways we were never able to before,” Chappell added. “There are huge opportunities here.”
So where does a business start? It is important to first have a proper definition of the term intelligence, according to Chappell. While this might sound a touch rudimentary, it provides a useful foundation when thinking about how best to use the data already at our disposal. Intelligence, he said, is “information that provides relevant and sufficient understanding for mitigating the impact of a potentially harmful event.”
He argues that intelligence isn’t intelligence until you do something with it: “Even if you have an intelligence provider, until you’ve consumed the data and taken some action, it’s arguable that it’s not intelligence.”
With this in mind, the CTO told the audience that there is plenty that organisations can do to start using their data before even considering a threat intelligence service provider.
“There is a bunch of stuff that businesses can do without spending a bean,” Chappell said. “For a starter, you can talk to your Computer Emergency Response Team, either for your country or for your vertical. You just get in touch, receive their alerts – and now you can start to do threat intelligence.”
Collaboration is also key, he stressed. Sharing amongst peers is one of the most effective forms of intelligence gathering.
“Attackers collaborate all the time against us,” Chappell noted. “Go onto Tor and look at the dark marketplaces; you can see that ecosystem of threats taking place – very, very innovative and real collaboration. We need to do that as an industry if we are going to have any hope at all of defending ourselves. It’s vitally important that we collaborate with our peers as much as possible.”
Another handy hint, for businesses looking to dip their toes into the frigid waters of threat intelligence, is to use tools already at the organisation’s disposal.
“Your marketing teams already have monitoring solutions, why not use them? Look at how you are being discussed online. Look for the negative conversations, and see if they tell you anything about threats against your business. All of this stuff gets you off the starting blocks for threat intelligence.”
Interop, the flagship event of London Technology Week, takes place at ExCeL London June 16 to 18 2015.
Sean McGrath is a freelance IT writer, researcher, and journalist. He has written for PC Pro, the BBC, and TechWeekEurope, and has produced content for a range of private organizations. Although he holds a first class degree in investigative journalism, his dreams of being a ...