Defending against cyberattacks with actionable Threat Intelligence

12 February 2021


The threat of cyberattacks was compounded in 2020, as Covid provided bad actors with a rapidly growing corporate attack surface to exploit in pursuit of system and network breaches. Attacks grew in number, as did the variety of approaches taken. The SolarWinds breach surprised everyone with its sophistication, its scope and the fact that it went undetected for so long. Its repercussions for organizations and governments are still reverberating months after the initial attack.

Finding and then pre-empting malicious actors looking to hack your systems is difficult across the vastness of the internet. It’s easy to understand why the connected enterprise seems, at best, able only to react given such challenges, which are compounded by a shortage of skilled IT security professionals with experience of adversary tactics and of the diverse range of vulnerabilities that exist today in corporate websites and other exposed infrastructure.

In addition to network breaches that expose organizations to monetary, GDPR or intellectual property risk, threat actors can also achieve their objectives by creating brand-impersonating assets. Outside the view of security teams, these form part of sophisticated phishing campaigns that can leverage email, SMS, social media, and mobile applications to lure customers and employees into giving up personal information or making fraudulent transactions.

True threat intelligence

As illustrated above, an organization’s attack surface is now global in scale. The internet has become the new cyber battleground and traditional network and endpoint security tools, while necessary, are no longer sufficient in its defense.

Leveraging a cyber threat intelligence solution like RiskIQ helps companies understand what’s exposed on the internet and the risks associated with that situation. RiskIQ also provides situational awareness of a broad range of potentially malicious activities directed at the organization. This correlation of internet threats with companies’ unique internet exposure gives security teams the ability to be proactive in defense of their organization and their customers.

True threat intelligence solutions like RiskIQ must automate the collection and curation of vast amounts of internet data to deliver this level of visibility. As malicious actors interact with the internet, they emit signals. While some of these signals, such as the registration of domains or certificates, are recorded in databases and can be retrieved later, others are ephemeral and go unnoticed unless they are captured as they happen.

RiskIQ’s global reconnaissance infrastructure has been collecting, analyzing and aggregating these signals for over a decade to build a living intelligence graph. It shows the connectivity of the internet at any point in time, illuminating both organizations and malicious actors. This gives security teams actionable intelligence they can use to harden their attack surface, proactively take down impersonating assets and investigate suspicious indicators detected by their other security solutions.

Despite the best efforts of security teams, breaches still happen. When they do, incident responders need to be ready to investigate and respond rapidly. Having access to the right intelligence is key, and trying to build these intelligence programs during an incident can be very challenging and time-consuming.

Whether responding proactively or reactively to cyber threats, internet visibility is key. Threat intelligence solutions such as those provided by RiskIQ should be a core component in the security programs of organizations with significant internet exposure.

To learn more about threat intelligence and how to lower your organization’s risks, read more in this white paper.