Question: “What is the importance of integrating external threat intelligence into an organization’s overall security posture?"
- David DeCamillis, Platte River Networks
Answer: Not all threats are created equal.
External threats can come from a variety of places—spanning malicious URLs, phishing attacks, web applications, and other sources—and the threats are always changing.
Similarly, an organization’s network changes constantly as they regularly install new programs, systems and devices.
The only way to protect them all from cyberattacks is to ensure their security software is always being retrained to look for new threats.
Analytics and assessment of normal versus abnormal network behavior across your entire business, not just within individual departments, can foster a more robust understanding of threats.
However, the accuracy of this process can only be assured using the latest threat intelligence.
Threat intelligence allows organizations to strengthen their security posture against the attacks that are most likely to occur.
The focus of the data and analysis collected by threat intelligence solutions revolves around protecting servers and devices against malicious software, while also helping to identify and prevent data exfiltration.
Once, such analysis was conducted by human specialists who spent time manually identifying and evaluating threats.
Now, threat intelligence technology has evolved to a more automated process that uses machine learning and data analytics.
With the help of automation, security teams can prioritize alerts and security event notifications and, ultimately, save both time and money.
The kind of awareness advanced threat intelligence provides will help organizations determine what data to protect, and can also serve as a guide for security investments.
Just because hackers continue to innovate doesn’t mean organizations should give up on detection, protection and remediation.
The bottom line is that it’s important to have threat intelligence embedded into your security portfolio before an attack has the opportunity to cause severe damage.
Overall, the importance of integrating threat intelligence lies in having up-to-the-minute access to the latest security data, and then using that data to counter threats across the security tools you have in place.
George Anderson is director of product marketing at Webroot.
“Ask a Security Expert” is an occasional feature. Send tips and news to [email protected].