Threat Intelligence - Cyber Threat Intelligence
Protecting digital assets is in many ways similar to protecting physical assets. Just like in real-world crimes, preventing crimes or breaches before they occur is always preferable to trying to apprehend criminals once a crime has occurred. This is particularly true of digital assets that can be quickly copied or distributed. When a physical item is stolen, it may be recovered and returned to its rightful owner with no loss in value. When digital assets are stolen, however, they most often cannot be returned in the same way. For this reason, data breach prevention is not just preferable, it is of utmost importance.
In the real world, police and security forces use security personnel to monitor for suspicious activity and gather intelligence relating to specific threats. For instance, they may carefully monitor a known drug dealer or bank robber, watching for any suspicious activity that may signal an impending crime. They can't actually act until the individual does something unlawful, but the point is to apprehend them while they are attempting to commit a crime rather than after it has already happened.
In the same way, digital security services also monitor for suspicious activity and collect intelligence related to potential threats. Here are four ways digital security services use threat intelligence to neutralize potential threats before they become a problem.
- Digital monitoring of general internet traffic: Many neighborhoods employ security personnel to patrol the neighborhood at night looking for any suspicious activity. This activity might include individuals dressed in dark clothing lurking outside of a window, people walking alone down the street, or parked vehicles that seem out of place. Digital crimes often involve some of the same means and methodologies that physical crimes do.
Hackers may be constantly probing for weaknesses or vulnerabilities in a system, but in doing so they also give away clues that digital monitoring services can pick up on. These clues are often very subtle and might be easily missed if constant monitoring were not happening. The good news is that the monitors themselves are often digital and will often detect slight anomalies that human eyes might miss. Digital bots can be programmed to constantly search for certain online behaviors or certain network events. When they detect them, they can alert human monitors to their presence for further investigation.
- Monitoring of known suspects: There are actually only a few people in the world capable of pulling off some of the biggest crimes. The same is true of digital crimes. While an individual may be able to shield their real-world identity indefinitely, almost all cybercriminals have a very specific signature or style that generally gives them away. Threat intelligence includes monitoring internet traffic for specific phrases or signatures known to be used by some of the biggest cybercriminals. In some rare cases, finding them online may even help authorities find them in the real world.
- Monitoring for new worms, viruses or other malware: In some ways, it is a good thing that cybercriminals are just like everyone else and often enjoy bragging about their accomplishments. In some cases, threat intelligence picks up chatter about a new worm, bug, weakness, vulnerability or another type of malware that may be coming down the pike. Like they say, knowing is half the battle. It is far easier for digital security services to protect against a threat they know is coming than one they do not know is coming, even if they do not know exactly what the threat is.
In other cases, a new type of malware can be released without warning, but effective threat intelligence also works to minimize the damage to other firms, businesses or individuals. For instance, if a new threat is detected in the UK or a new type of worm, virus or malware is released, then security services around the globe can quickly start working on a security patch or screening tool that will help protect other systems and entities.
- Email filtering: Users are warned again and again about clicking on email attachments or links from unknown senders, yet a 2017 Verizon Data Breach Report found that a whopping 66% of all malware linked to data breaches or other incidents (i.e. ransomware) was installed via malicious email attachments. To be fair, cybercriminals are also becoming more and more savvy about making their emails look official or legitimate. Simple warnings do not seem to do the trick, so threat intelligence helps to better filter out malicious links before they ever arrive in a user's inbox.