by Dirk Nijs
- Cloud & Infrastructure Management Belgium Director
When cyber criminals innovate, so does the security industry. Threat intelligence offers a new take on cybersecurity. Rather than focusing on local endpoint protection, threat intelligence broadens the scope, feeding back threat data to a centralized intelligence hub, resulting in better prevention and prediction.
According to Gartner research, just a couple of years from now – by 2021 – endpoint protection platforms will provide automated, orchestrated incident investigation and breach response. Threat intelligence is the key word in that approach. But what is it, and why is it different?
Nothing is more difficult – and frustrating – than taking measures against an enemy who is invisible, who seemingly has no clear strategy and who can strike at any point in time. As we have witnessed over the years, cyber-attacks can cause a lot of damage on various levels, including loss of revenue, reputational damage, decreased customer trust, and so on. Threat intelligence helps provide the defense mechanisms that are necessary to improve the success rates of attack prevention and risk mitigation.
Here is the thing: cyber criminals are innovative as well. Sophisticated cyber attacks consist of several layers, combining various tools and technologies. Each of these elements may look perfectly legitimate on its own, but combined they can prove to be very malicious. An email message, for example, may look harmless. Even the Word file that is attached to it may pass the antivirus solution without raising any concern. But what if the Word file links back to a web page where it launches a piece of malware? So, although every piece of the puzzle looks perfectly alright, the puzzle as a whole may not be.
Traditional endpoint protection solutions weren’t designed to handle that kind of complex threat. And what’s more: traditional endpoint protection is reactive by nature. Companies as well as individuals know that they are potential targets for cyber criminals. That’s why we all have been using protective solutions for many years now. Threat intelligence is different. The main goal of threat intelligence is to understand the people and organizations who are behind cyber attacks, to figure out how these attacks are set up and carried out, which techniques and technologies are used, and how ‘successful’ the attacks are. That sort of information creates new insights that lead to new and more effective ways to predict and prevent new attacks.
Prediction and Prevention.
The whole idea of threat intelligence is based on the gathering and analysis of real-time threat data. When an endpoint is under attack, the endpoint protection solution reports the incident to a centralized intelligence hub, which in turn distributes the information among all of the solution’s users. This way, threat intelligence helps stop attacks more quickly. As it learns from the way an attack was carried out – combining big data analytics with the power of artificial intelligence – threat intelligence becomes increasingly accurate in predicting incidents, and ultimately in preventing them from happening.