Using a threat intelligence platform for stronger cybersecurity


Large-scale data breaches and cybercrime continue to rise in the U.S. and across the globe. The Identity Theft Resource Center reported that U.S. data breaches reached an all-time high in 2016, with 1,093 breaches. That is a 40 percent increase over 2015. More effective security operations, including the use of threat intelligence platforms, help combat this growing volume.


To identify and resolve data breaches and hacks faster, companies are spending more on security operations. According to Gartner, global spending on information security is expected to reach $90 billion in 2017, which is an increase of 7.6 percent over 2016. Even as more companies increase their investments in cybersecurity, many are still losing ground as cyberattacks become more sophisticated and voluminous. An Enterprise Strategy Group survey revealed that most respondents felt security operations and analytics are harder to manage than in the past due to the increasing volume of security issues.

Businesses needed a better security solution

Companies looking for new ways to improve incident response capabilities and risk management are considering threat intelligence as part of their integrated security operations strategy. Threat intelligence is the collection and analysis of internal and external data from multiple sources, turning raw observations into actionable knowledge. Gartner defines threat intelligence as “evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard.”

By extending security operations from tracking suspicious events to anticipating risks, threat intelligence can improve situational awareness and help businesses defend themselves against both current and emerging cyber attacks.

However, even with greater intelligence, significant lags between discovery and remediation leave most organizations ill-equipped to address increased threats.

Massive amounts of data from different sources, manual methods, lack of IT resources (both staff and technology), and the wrong tools can delay and even halt the productive use of threat intelligence in making quick decisions that protect businesses from cyber attacks. To successfully utilize threat intelligence, companies need a security infrastructure that:

  • Consolidates information in one platform
  • Standardizes processes, so everyone is on the same page
  • Automates operations and eliminates redundant manual work
  • Supports collaboration, so cybersecurity and IT team members work together more effectively
  • Incorporates user-friendly dashboards for easy data manipulation and reporting


Enhancing SIEM

A threat intelligence platform that works in conjunction with a security information and event management (SIEM) system can provide a more complete solution to corporate security. While SIEMs do a good job collecting and correlating security events to identify malicious activity, they only see the data they ingest: without external context about adversary infrastructure, tools and techniques, they cannot anticipate new malicious behavior from different sources on the basis of past activity alone. As companies shift more attention to detection and response, a SIEM by itself falls short of supporting those evolving needs.

We all know that SIEMs are powerful, but we also know that they simply generate too many false positives, leaving security teams overwhelmed. Companies today receive as many as 150,000 alerts daily, most of them originating from the SIEM. As a result, separating the true positives from the noise becomes cumbersome.


A threat intelligence platform can take a SIEM to the next level by adding the capability to collect indicators and security data in multiple formats from disparate sources, normalize and correlate that data, and feed only the relevant, prioritized results back into the SIEM for faster remediation of threats.

The faster a threat is identified, the faster it is resolved, saving a company time and money. In addition, a threat intelligence platform provides awareness into potential risks so companies can prepare for future attacks.

An article on DarkReading reports that threat intelligence platforms also have the potential to become more strategic by ranking threats by severity, data source and/or the relevance of the threat to the organization. In the future, they may support the exchange of risk data among enterprises.
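The collect, normalize, correlate and feed-back loop described above, together with the severity/source/relevance ranking mentioned in the DarkReading passage, can be sketched in a few dozen lines. The following is an added example written for this page; it is not Swimlane's code, nor any vendor's or SIEM's API. The two feed formats, the feed names `feed_a` and `feed_b`, the `asset_criticality` field (assumed to come from an asset inventory), the confidence and recency weights, and the sample alerts are all constructed assumptions. It reads a CSV feed and a STIX 2-style JSON bundle into one indicator table, merges duplicates so that corroboration across feeds raises confidence, scores each SIEM alert by the best matching indicator, and emits one JSON line per alert that a SIEM could re-ingest.

```python
import csv
import io
import json
import re
from dataclasses import dataclass, field
from datetime import date

# Constructed sample feed A: a CSV indicator feed (hypothetical vendor format).
CSV_FEED = """indicator,type,severity,last_seen
198.51.100.23,ipv4,high,2017-03-01
malicious.example,domain,medium,2017-02-20
203.0.113.9,ipv4,low,2016-11-05
"""

# Constructed sample feed B: a STIX 2-style bundle with single-comparison patterns.
STIX_FEED = json.dumps({"type": "bundle", "objects": [
    {"type": "indicator", "pattern": "[ipv4-addr:value = '198.51.100.23']",
     "labels": ["malicious-activity"], "confidence": 90, "valid_from": "2017-03-02T00:00:00Z"},
    {"type": "indicator", "pattern": "[file:hashes.'SHA-256' = 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855']",
     "labels": ["malicious-activity"], "confidence": 40, "valid_from": "2017-01-15T00:00:00Z"},
]})

# Constructed SIEM alerts; asset_criticality (0..1) is assumed to come from an asset inventory.
ALERTS = [
    {"id": "a1", "src_ip": "10.0.0.5", "dst_ip": "198.51.100.23", "asset_criticality": 1.0},
    {"id": "a2", "domain": "malicious.example", "asset_criticality": 0.4},
    {"id": "a3", "src_ip": "10.0.0.9", "dst_ip": "192.0.2.77", "asset_criticality": 0.9},
    {"id": "a4", "dst_ip": "203.0.113.9", "asset_criticality": 0.9},
]

SEVERITY = {"low": 0.3, "medium": 0.6, "high": 0.9}          # assumed mapping of feed labels
STIX_TYPES = {"ipv4-addr:value": "ipv4", "domain-name:value": "domain",
              "file:hashes.'SHA-256'": "sha256"}
STIX_PATTERN = re.compile(r"\[([^\s=]+)\s*=\s*'([^']*)'\]")  # [object:property = 'value']

@dataclass
class Indicator:
    value: str
    ioc_type: str       # "ipv4", "domain" or "sha256"
    severity: float     # 0..1, highest severity any feed assigned
    confidence: float   # 0..1, rises when independent feeds corroborate
    last_seen: date
    sources: set = field(default_factory=set)

def parse_csv_feed(text, source):
    """Normalize a CSV feed; 0.7 is an assumed default confidence for feeds that report none."""
    return [Indicator(r["indicator"].lower(), r["type"], SEVERITY[r["severity"]], 0.7,
                      date.fromisoformat(r["last_seen"]), {source})
            for r in csv.DictReader(io.StringIO(text))]

def parse_stix_feed(text, source):
    """Normalize STIX indicators whose pattern is a single equality comparison."""
    out = []
    for obj in json.loads(text)["objects"]:
        m = STIX_PATTERN.fullmatch(obj.get("pattern", "")) if obj.get("type") == "indicator" else None
        if not m or m.group(1) not in STIX_TYPES:
            continue  # unsupported object or pattern: skip rather than guess
        sev = 0.9 if "malicious-activity" in obj.get("labels", []) else 0.5
        out.append(Indicator(m.group(2).lower(), STIX_TYPES[m.group(1)], sev,
                             obj.get("confidence", 50) / 100,
                             date.fromisoformat(obj["valid_from"][:10]), {source}))
    return out

def merge(indicators):
    """Deduplicate across feeds, keyed by (type, value); corroboration raises confidence."""
    merged = {}
    for ind in indicators:
        key = (ind.ioc_type, ind.value)
        cur = merged.get(key)
        if cur is None:
            merged[key] = ind
            continue
        cur.severity = max(cur.severity, ind.severity)
        cur.last_seen = max(cur.last_seen, ind.last_seen)
        cur.sources |= ind.sources
        cur.confidence = 1 - (1 - cur.confidence) * (1 - ind.confidence)  # feeds treated as independent
    return merged

def score_alert(alert, intel, today):
    """Severity x confidence x recency of the best match, weighted by asset criticality."""
    observables = [("ipv4", alert.get("src_ip")), ("ipv4", alert.get("dst_ip")),
                   ("domain", alert.get("domain")), ("sha256", alert.get("sha256"))]
    matches = [intel[(t, v.lower())] for t, v in observables if v and (t, v.lower()) in intel]
    score = 0.0
    for ind in matches:
        age = (today - ind.last_seen).days
        recency = 1.0 if age <= 30 else max(0.2, 1 - age / 365)  # stale indicators decay, never to zero
        score = max(score, ind.severity * ind.confidence * recency)
    return round(score * alert["asset_criticality"], 3), matches

def prioritize(alerts, intel, today_iso):
    """Rank alerts for the SIEM; each record carries its score, matched IOCs and feed sources."""
    today, ranked = date.fromisoformat(today_iso), []
    for a in alerts:
        s, matches = score_alert(a, intel, today)
        ranked.append({**a, "score": s, "matched": sorted(m.value for m in matches),
                       "sources": sorted(set().union(*(m.sources for m in matches)))})
    return sorted(ranked, key=lambda a: a["score"], reverse=True)

if __name__ == "__main__":
    intel = merge(parse_csv_feed(CSV_FEED, "feed_a") + parse_stix_feed(STIX_FEED, "feed_b"))
    for rec in prioritize(ALERTS, intel, "2017-03-10"):
        print(json.dumps(rec))  # one JSON line per alert, ready to re-ingest into the SIEM
```

With the constructed data, the alert against the destination seen in both feeds on a critical asset ranks first, the medium-severity domain hit on a low-value asset second, and the stale low-severity indicator third even though it hit a high-value asset; the alert with no intelligence match scores zero and drops to the bottom. The multiplicative scoring and the recency floor are design choices for the example; a production platform would expose those weights to the analyst rather than hard-code them.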

But even after acknowledging the potential value of threat intelligence platforms, companies must decide what tools to use in their existing security infrastructures.

Threat intelligence + SAO = faster response to risks

Swimlane offers a security automation and orchestration (SAO) platform that leverages threat intelligence to support faster and more intelligent incident response. Identifying legitimate threats early in the kill chain is crucial to an active defense strategy.

Swimlane’s SAO platform integrates threat intelligence into the incident and remediation process, consolidating all security events, incidents, alerts and other tasks into a single location for a more cohesive view of current and potential threats. In addition to automating routine security tasks, Swimlane provides centralized access to cases, reports, dashboards and metrics for authorized users.

Using customized dashboards, security analysts can review data directly in Swimlane without cutting and pasting it into other programs. At the same time, analysts can pivot through the threat intelligence tables to look for new threats or find new associations that help them develop preventive or responsive action.

Automated workflows and the provision of context for every alert increases SecOps throughput by up to 5X.

Using threat intelligence with Swimlane’s SAO platform, companies can:

  • Prioritize alerts
  • Increase situational awareness
  • Customize dashboards
  • Optimize attack chain response
  • Automate processes and workflows
  • Increase efficiency and standardize processes
  • Gain a broader understanding of threat intelligence
  • Improve operational performance

Contact us today to discuss how we can take your security infrastructure to the next level with a security automation and orchestration platform that integrates threat intelligence. For more information on how your organization can use security automation and orchestration, download our Automating Incident Response e-book.
