According to Gartner: “Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and action-oriented advice about an existing or emerging menace or hazard to assets. This intelligence can be used to inform decisions regarding the subject’s response to that menace or hazard.” Intelligence is therefore one key element in a modern and future-oriented cyber defense strategy every company should care about.

So… why is Cyber (Threat) Intelligence important?

Threat Intelligence leverages key data about threat actors and vectors to understand and prepare a company’s defense strategy. The key objective is to prevent or detect cyberattacks before they occur and reach their full impact. In reference to the NIST Cyber Security Framework, Cyber Intelligence forms a sixth domain, the domain of anticipation capabilities.

No direct control over threats to the organization

As a CISO, you never know when, where, or who is attacking your company.

One key fact in cyberspace is that no organization has control over its current adversaries. Actor activity is far outside any company’s control and therefore represents a risk that is not easily mitigated. Actors may seize opportunities for profit or plan long-term strategic operations against a potential target. Leveraging Cyber Intelligence, a company can identify emerging and imminent risks from the global cyber situation based on available information. This new dimension allows any company to add digestible portions of anticipation capability, generating lead time to plan defense or mitigation against a change or deviation in its Threat Landscape.

Lead Time – be prepared

Probably the most valuable thing intelligence provides is advance knowledge. With the introduction of a custom Managed Threat Intelligence Program, a company has the ability to monitor developments within a dedicated Area of Interest. It is key to understand that Threat Actors do not regularly declare their intention to attack a specific target, but they leave detectable traces or make use of opportunities unintentionally created by their targets. Going far beyond compromised user credentials and digging deeper than leaked data, collected and aggregated evidence becomes intelligence that allows companies to prepare for potential impact in advance. As it is always easier to prepare than to react, intelligence about imminent and emerging threats can quickly become key information for any company.

Ready to step up to the next level?

Focus not only on what exists now but also on what emerges in the longer term

While dealing with antivirus notifications and alerts from perimeter protection appliances, the main focus rapidly shifts to reactive day-to-day work. It is certainly important to have capabilities in place to deal with imminent threats firing at or within a given perimeter. For a company aiming for higher maturity in defense, emerging Threats become more important. An emerging Threat can show up in different forms:

  • Critical Vulnerabilities allowing an actor access to internal networks
  • Availability of new exploits
  • Ongoing campaigns using specific vectors
  • A leak of critical information
  • Declaration of interest
  • Existing compromise – even without knowledge

Each of the Threat forms above has its own characteristics and is key to monitor in the long term. Changes in interaction and attraction are only one element to consider when monitoring a company’s Threat Landscape. It is then key to determine the impact. Although many open sources blast out feeds of technical indicators of compromise in a machine-readable format, it is not a machine that defines a defense strategy, but a human being who needs level-appropriate, evidence-based information.

From Indicator of Compromise to strategic impact

In most cases, the impact of a specific Threat Actor starts with an Indicator of Compromise: an artifact left behind, a tool used, a domain contacted, or a command executed on a device. While most human readers and company leaders may not deal with exactly this kind of information, one key element is to speak a level-appropriate language, making intelligence accessible to a broad audience of decision-making bodies. There are different ideas of how to report intelligence, and especially threat intelligence, to a management body, and every organization has to decide which way to go. Here are the questions to ask:

  • Are we impacted by that threat?
  • Which business process would be interrupted?
  • Are people and processes ready to deal with that threat?
  • Does our defense strategy detect or stop such a threat?
  • What would an impact cost us?
  • What impact is expected regarding confidentiality, integrity, availability, and privacy?

One thing is common: intelligence needs to be actionable and interpreted with in-company knowledge. It is our mission to deliver intelligence on which decisions can be made. No intelligence provider will answer all the questions above, but we are dedicated to laying the foundation, so that you and your decision-makers are informed in an appropriate manner to translate intelligence into actions.

Intelligence-based decision making

There is one maxim we follow:

When you travel abroad, you are interested in the current weather forecast, and not the weather 3 years ago.

Often, we see procurement and defense strategy influenced by fear of ransomware and by features from a specific product, another product, and a third product that could help mitigate the gap left by the first two. CICS is not a vendor of technology but a service provider enabling customers and their companies to achieve situational cyber awareness. We focus on relevant intelligence enabling decisions, emerging threats influencing defense strategies, and imminent threats requiring action. When you decide to adjust a strategy, tune defensive capabilities, or improve processes, we deliver the current situation with the trends and tendencies we have spotted, not a vendor case or what happened three years ago. It is our mission to build capabilities and enable your decision-making based on intelligence and knowledge.

Know your exposure

One key element often missed is your digital footprint. A strategy can be excellently written or implemented, but without knowing what to defend, it remains just another paper you wrote. Knowledge of assets and their value is another key element in every defense strategy. With the introduction of an Area of Interest, CICS can help in identifying and monitoring physical and digital assets an actor could abuse. It is not just about internet scanning platforms like Shodan or compromised credentials; we focus on the bigger picture, extracting relevant information and presenting, in aggregation with intelligence, the possible vectors an adversary can abuse.

So this is why intelligence matters. We believe in an intelligence-based future, including various condensed information from and about cyberspace related to your Area of Interest. How about you?

CICS

With the vast amount of information available, today’s challenge is to identify relevant information and to aggregate and condense it into actionable intelligence. This is what we do at CICS. Our mission is to make intelligence from and about cyberspace available to a broad audience of critical services, not only the Fortune 100. We offer our services especially to small and medium-sized companies, respecting their needs and possibilities.