An Article written by Trainee Moath Aljohani From University Of Prince Mugrin about Cyber Threat Intelligence
Introduction: In today’s world when the internet has expanded, many people and organizations had suffered from cyberattacks. Wither these attacks were software-based attacks or hardware-based attacks. Also, these attacks cost individual and the organizations lots of money. Crackers will come up with a new techniques and ideas of harming or stealing from internet’s users, and the main motivation reason of all these types of attacks is the money. Those attackers will try to raise money by selling information that the stole to the highest bet. Since the internet became a mandatory in nearly all people daily life, the risk of getting attack or losing data is very high. Here where the cybersecurity plays the rule, cybersecurity is hot topic these days. All the companies that provide technology products have put security on their top requirements when there developing new technology or updating an old one. Also, companies which provide cybersecurity services got their stocks high because all big and small organization try to make their network environment secure and impervious against cyber-attack. Cyber threat intelligence is one of techniques that organizations use to help them prevent attacks from happing. What is Cyber threat intelligence? It is a hot topic and because of that there are a lot of different definitions explained CTI, here are some of known quotes: Gartner said, “Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject's response to that menace or hazard.” SANSA institute said, “The set of data collected, assessed and applied regarding security threats, threat actors, exploits, malware, vulnerabilities and compromise indicators”. The purpose of Cyber Threat Intelligence: Solutions always comes after sabotages, that means in the past organizations were fixing cyber-security problem after it happened. They did not have a choice because no one was sharing information about cyber-attacks, and that made their job harder. In 2012, a Saudi oil company and 21 other organizations got a cyber-attack by the same virus, it called Shanoon. According to Al-arabiya, “Shamoon is known to disrupt computers by overwriting the master book record, making it impossible for them to start up”. One of the reason that Shamoon attack was a success is because organizations did not share knowledge together, and that also a mean reason for most other attacks. Cyber threat intelligence (CTI) has almost fixed this problem. Sharing threats is not the only use of CTI, there are five other great factors. According to Up work they are:
Prevent data loss: A well-functioning threat intelligence system can monitor attempts of communication with malicious IPs and domains and gather intelligence data.
Detect breaches: The sooner a breach is detected, the smaller the impact is on the business. For example, enabling deep packet inspection together with network monitoring allows security analysts to detect viruses, intrusions, and protocol non-compliance.
Threat analysis: It’s not enough for a business to be able to detect threats if it doesn’t come to understand the attack patterns, and the hackers’ Tactics, Techniques and Procedures (TTPs). A threat analysis offers insights into the necessary defense mechanisms and other measures that may be required.
Incident response: The threat intelligence can provide the company with guidance in the event of a breach regarding its magnitude, and method of operation, and help identify the compromised systems.
Data analysis: A thorough analysis of the data collected helps the organization discover additional information regarding the threat, such as the attacker’s motives and the assets which are persistently attacking.
Cyber threat intelligence’s Provider: There are many options when it comes to CTI system, some company provide it with SEIM solutions. On the other hand, some company would provide it as a system itself. The clients will decide on how they want CTI. Some example of companies that provide CTI:
IBM X-Force Exchange.
Anomali (Threat Stream).
Palo Alto (Network Auto Focus).
RSA (NetWitness Suite).
LogRhythm (Threat Lifecycle Management Platform).
FireEye iSIGHT (Threat Intelligence).
LookingGlass (Cyber Solutions).
Alien Vault (Unified Security Management).
And there always the option of building their own CTI platform via open source, some organizations have the source and the capability to build it. That will give more advantage because if any problem happens in the CTI system, they will have the ability to fix it by themselves rather than waiting for the support of the provider. Conclusion: In sum, cybersecurity is very important for all organizations, cyber threat intelligence is one of the necessary system for them. The cybersecurity market is requested a lot in this time, because of the technology evolution. Many universities start to make a major called cyber-security to attract students who want to get in this field. I encourage young generation to learn and read more about cybersecurity, because it will be one of the important fields soon. Resources: “Why You Need Cyber Threat Intelligence”, by DATAFLOQ. https://datafloq.com/read/why-you-need-cyber-threat-intelligence/3590?amp-content=amp“What is Threat Intelligence and How It Helps to Identify Security Threats”, by Wang Wei. November 07, 2015. https://thehackernews.com/2015/11/what-is-cyber-threat-intelligence.html “What Is Cyber Threat Intelligence And Why You Need It”, by Elena Leu.https://www.upwork.com/hiring/for-clients/what-is-cyber-threat-intelligence/ “Eight Top Threat Intelligence Companies”, by Drew Robb. July 17, 2017.https://www.esecurityplanet.com/products/top-threat-intelligence-companies.html