Why You Need Cyber Threat Intelligence


As seen on Forbes Tech Council

Recently, renowned hacker and Twitter’s former head of security Peiter Zatko released a whistleblower complaint claiming the company’s user data protections are at risk due to flawed security measures. If these claims are true, Twitter could be found in violation of an agreement made with the Federal Trade Commission and the issue could become one of national security.

This news may be unsurprising to many in the cybersecurity community, but it highlights the ongoing need for security leadership to have a seat at the table and to set realistic expectations for cybersecurity within their organizations.

Why Proactive Cybersecurity is Important

With the total global cost of cybercrime expected to jump to over $10 trillion by 2025, according to Cybersecurity Ventures, safeguarding against data breaches, ransomware and other cybersecurity threats must be a top concern for businesses of all sizes across every industry. Legacy systems are no longer able to handle the pace or volume of threats hurled at them every day. We must adopt a more proactive approach to cybersecurity rather than depending solely on reactive solutions. This includes gathering and implementing real-time threat intelligence from multiple sources in order to identify and prevent bad actors from exploiting vulnerabilities. 

It used to be that when you were attacked, you could restore your data and get back to normal. Those days are long over. Today, once your network is compromised, it is too late to fix it—the data has leaked, the ransom has likely already been paid, and the damage has been done. Today’s cybercriminals are relentless, and actively defending against their attacks every moment of every day requires real-time data.

Our company recently conducted a survey of more than 300 IT professionals to determine the state of enterprise cybersecurity today and gather insights to lead us into a more secure future. Seventy-two percent of respondents have added new technologies in the past 12 months and nearly half (46%) have more than six tools and services in their security stack today. At the same time, 27% don’t even know how many tools they have in their security stack, and almost a quarter of professionals (24%) said their security posture is average or below average, indicating their awareness of their security stack vulnerabilities. 

Furthermore, a recent Gartner survey found that 75% of organizations are pursuing security vendor consolidation. This consolidation is overwhelmingly pursued not in the name of cost savings but rather to improve risk posture and reduce the strain on these organizations’ security teams.

These knowledge gaps have consequences and leave networks, users and data vulnerable to attacks. Simply put: If you don’t know what’s in your security stack, then you don’t know where your vulnerabilities even are. 

Repercussions Of A Penetrable Security Stack

Today’s threat actors are relentless and try to come in from every angle imaginable, making it dangerous for organizations with a traditional, single-minded approach to cybersecurity. We can’t just invest in a firewall or antivirus software and call it a day. The risks of not being confident your networks are secure enough are simply too high in today’s threat landscape.

Firewalls—while still an integral part of any organization’s security stack—have significant shortcomings. They have limited and proprietary threat intelligence capabilities and often even more limited abilities to integrate with third-party threat intelligence. Often they are asked to perform too many tasks they were never designed to do, draining resources and leaving the network vulnerable. In addition, management of these firewalls can be manual and slow, which can lead to countless alerts, ignored updates, and critical changes and threats that remain unaddressed. When the firewall management becomes overwhelming, threat actors can weasel their way in. Organizations think their firewalls are protecting their attack surface—and they forget that their firewalls are also part of their attack surface.

A successful security stack employs both reactive (taking care of threats that have already happened) and proactive (such as real-time threat intelligence-driven) security solutions to create a comprehensive defense against threat actors. Unfortunately, the challenges many organizations face include narrowing down which intelligence sources they’re pulling from, how many can be leveraged at a time, and how they’re integrated into firewalls and other security solutions. 

No one source of threat intelligence or existing security control can successfully cover the entirety of the threat landscape. It is critical for organizations to deploy threat intelligence from multiple sources, even those that traditionally would compete with one another. These can include commercial providers, open source intelligence data, government agencies and industry sources—all working together to provide organizations with visibility into the traffic affecting their networks. 

How to Ensure Your Network is Protected

The data is in and the results are clear: What we don’t know in the cybersecurity world can hurt us. Thankfully, there are steps your organization—regardless of size—can take to help ensure your network, users and data are protected.

• Run a full threat scan to better understand your overall security posture. This will allow you and your IT/security teams to make informed decisions regarding vulnerabilities and available assets.

• Employ both proactive and reactive cybersecurity solutions. While you want to be ready to act if a threat becomes an attack, the true goal is to prevent that from occurring in the first place. This is a long-overdue cybersecurity paradigm shift.

• Leverage and integrate threat intelligence from multiple sources. One company’s singular and proprietary view of the threat landscape is not enough. Deploying a multilayered (yet manageable!) security stack is the only way to ensure your organization is protected.

In the cybersecurity world, we often like to describe a security stack as a block of Swiss cheese. Even though each individual slice may have holes in it, when they are all stacked up against each other, the holes are filled. Investing in a multilayered, adaptive and integrated security stack fills those holes. Cybersecurity threats will only increase, and the risks for any organization are too costly to rely on a single security solution any longer.