Verizon announced a new threat intelligence platform. This brings insight from the company’s large cyber-security incident investigation operation to enterprises.
This means that cyber-security threat intelligence that’s derived from Verizon’s network is being available through integration with Anomali Threat Platform. Because of Verizon’s new announcement, we can see that they are attempting to add threat intelligence within their overall infrastructure.
The intelligence that Verizon provides benefits from it’s Verizon Risk Report (VRR) and Data Breach Investigations Report (DBIR). Both can be used to provide more insight into finding cyber risks.
“We’re in a special place within the security context because we are placed between victims and the cyber criminals that attack them”, Bryan Sartin, the executive director of Verizon’s Global Security Services told eWEEK, “This places us in a position of using certain optics, and is a by-product of the optics and creating intelligence that can make a difference for detection, and in response to severe cyber attacks that are in motion”.
Verizon is now making plans to take cyber attack history and intelligence and makes it available to help identify recent and previous threats, according to Bryan. For instance, he said that a company could search and check to see if there is an IP address that’s been seen before an associated risk level and an attack.
With Verizon’s new development of threat intelligence, it leaves the open question “What types of threat intelligence platforms are out there?”. Knowing each form of threat intelligence platform will help you create a system to help your IT team.
Threat intelligence platforms are used to organize feeds of data (up to the thousands) into single containers. The platforms allow you to configure alerts on your data from feeds and helps by making it consumable by removing extra entries and enabling you to prioritize these data sources.
The advantage of using a threat intelligence platform is that you can configure alerts on data from feeds and makes it more consumable by removing additional entries and allows you to prioritize the sources of data.
The biggest advantage of this platform has over threat feeds is its integration with incident response platforms or SIEMs. And you can bring in any form of threat data that you have access to in a central view.
On the other hand, your IT team still has to configure every feed, and there isn’t a real analysis of the data until it reaches a person.
Ultimately, your threat intelligence platform will only be as good as the data you place into it. Without having real context around indicators, security teams will have issues trying to investigate every issue available, realize it’s not possible, and risk not being able to respond to issues altogether.
These data feeds are a main point for making threat intelligence programs. This is because it gives users potential threat indicators such as file hashes, IP addresses, and domains.
The issue is that while the data can arrive quickly, there is no context to those indicators. On its own, the data is unable to answer important questions such as:
This service has their roots in a system called HUMIT (military tradition of human intelligence). At first, HUMIT was used by humans to help assist other humans, but this process evolved to humans analyzing and collecting data from machine and human sources to show information on ongoing and emerging threats — in this scenario, cyber threats.
For instance, human analysts can work from a single incident to create a picture of procedures, techniques, and tactics that help make an intelligence report that can be useful for other industries that are affected.
Usually, these reports display the information in full detail. The results of the report can be updated to a searchable database for users to access later on.
The only drawback of this threat intelligence platform is that the data needs to be collected manually. This data can be gathered from a multitude of random or inappropriate sources (deep web, dark web, open web). This means that it can take a significant amount of time to be produced.
Leading service providers start to make use of machine learning techniques and advanced analytics to increase analytical efficiency since the reports can be made faster without removing the vital context.
A complete threat detection solution brings together the functionality and capabilities of feeds, platforms, and providers, with each of these pieces giving users the opportunity to receive the most from intelligence that’s available. They are designed to retrieve data from multiple sources to make it in a real-time view.
One would expect that machine learning and automation capabilities that can connect the dots automatically and provide context across through these sources to make some threat content. Plus, this type of technology was made to provide a solution faster than that of a human analyst, resulting in faster intelligence.
Complete threat detection solution will allow users to centralize any form of data that you have access to. And it lets you customize the intelligence for integrating with other parts of security intelligence.
The advantage of this solution is obvious. Users can use technology that can balance the access to makes it suitable for complete threat intelligence. This makes it easier for users to stay with one vendor that can acknowledge your technology demands. And, you’ll be able to keep your company safe from any inside and outside threats.
We believe that the future of threat intelligence platforms will have more responsive machine learning systems. Since Verizon is creating their own platform, we can see that large corporations are starting to take charge in the right direction. Conclusively, as threat intelligence technology grows, it will save businesses time, money, and help them effectively solve problems.
Do you have any questions related to threat intelligence?
Tell us in the comments below!
Sources: