Have an account?

  •   Personalized content
  •   Your products and support

Need an account?

Create an account
Threat intelligence programs now central to risk management strategies

Threat intelligence programs now central to risk management strategies

Lauren Horwitz

by Lauren Horwitz

Managing Editor, Cisco.com

With cyberattacks exploding in volume, enterprises are turning to threat intelligence programs to combat the risk.

Bill Shaffer of Shawnee Mission School District in Kansas knows what it's like to have cyberthreats keep him up at night.

As the IT director for the school district, he presides over an IT environment that's ripe for malware attacks.

"I have 28,000 hackers already inside my network," Shaffer said of the district's student body. Armed with iPads or MacBooks, these students may knowingly or inadvertently introduce a threat to Shawnee's IT systems. A sudden breach can leave Shaffer's department of 10 scrambling.

That's why organizations like the district are turning to threat intelligence programs and resarch to gather data before a threat paralyzes its IT systems. Threat intelligence programs like Cisco Talos aim to help enterprises identify and understand attacks before they happen. The output of Talos' research is fed directly into the Cisco security product portfolio, in part through regular, frequent threat detection updates. This kind of threat research helps companies get a step ahead of attacks and to maintain control of an incident when an attack occurs.

For the school district, threat intelligence has helped IT pros respond to threats deliberately, rather than just reacting to the latest crisis.

"Before," Shaffer said, "we would have to determine if a threat was viable. If we were vulnerable, we would have to figure out the fallout. It would take us time, and we didn't have that time."

"Now," Shaffer continued, "we can see that putting Snort rules [one of the formats of Talos' output] to block the vulnerability and give us time. Then, we can determine what we need to do and when we need to do it."

In Greek mythology, Talos was a bronze automaton designed to protect Crete from pillaging pirates. The modern-day Talos fights digital threats that have become highly profitable for attackers, to the tune of 20 billion threat blocks daily, according to Talos. 

"Since the advent of ransomware combined with bitcoin [a digital currency using encryption], we have criminal organizations making a five- to six-figure payday," said Craig Williams, senior technical lead and outreach manager for Talos. "The influx of money has allowed attackers to professionalize their capabilities. That's why organizations like Talos have to exist."

Threat intelligence is only part of risk management strategy

As the risk for cyberthreats grows -- with a 300% increase in ransomware attacks between 2015 and 2016 -- many enterprises have tapped threat intelligence programs to combat malicious attacks. Indeed, according to Enterprise Strategy Group, 54% of respondents had experienced a security event.

These events can be significant: According to the Cisco 2017 Annual Cybersecurity Report, 23% percent of breached organizations lost business opportunities, and 42% lost more than 20%.And according to the Global Ponemon 2017 Cost of a Data Breach survey, the average total cost of a data breach is $3.62 millionStill, while companies need a proactive approach to deal with threats. only 51% actively monitor and analyze threat intelligence, according to the PwC Global State of Information Security report.

Given the criticality of enterprise data today, threat intelligence programs and research are must-haves, according to experts. At the same time, companies may fail to ward off threats if they focus too much on gathering or purchasing the products and intel without knowing how to plug the tools into a larger cybersecurity and risk management strategy.  

"Companies don't spend enough time on the process to take advantage of the technology," said Todd Inskeep, principal and director at Booz Allen Hamilton.  "Companies make the greatest strides when they focus on an end-to-end process."

In an online video interview, Inskeep also counseled organizations to think about products within the context of their larger strategy by identifying and categorizing the assets that need protection. "People buy threat intelligence all the time, but don't have the people and processes in place to figure out what to do with it," Inskeep said. It’s important to consider one’s existing IT environment and which offerings best fit with a company’s existing IT tools.

Talos' Williams echoed the notion that threat research is best integrated into a larger strategy of risk management.

"Data is the new modern currency," Williams emphasized. "If you don't have a threat intelligence guidebook to tell you what to do when things happen, you're going to be in trouble."

Moreover, when implemented within a larger comprehensive strategy, these tools can bring much-needed automation to IT departments, which are still struggling with adoption. Automating threat detection can make these departments far more strategic and effective; Shaffer said his department is moving in that direction with Talos. "The more we can automate, the better. It can make us more strategic," he said.

Nevertheless, when put to good use, threat intelligence programs can bring new insight to improve process and bring team interaction. Shawnee's Shaffer noted that the Talos program has created a whole new dynamic within his team that is more collaborative and less defined by individual fiefdoms.

"Everybody on the team discusses how it could affect their system if certain things were to happen," he noted. "It's not just my system; it's our systems. They think of it as, 'If you get breached, I could get breached.' So, they all work together."

For more Cisco news:

For more Cisco resources:

Lauren Horwitz is the managing editor of Cisco.com, where she covers the IT infrastructure market and develops content strategy. Previously, Horwitz was a senior executive editor in the Business Applications and Architecture group at TechTarget;, a senior editor at Cutter Consortium, an IT research firm; and an editor at the American Prospect, a political journal. She has received awards from American Society of Business Publication Editors (ASBPE), a min Best of the Web award and the Kimmerling Prize for best graduate paper for her editing work on the journal article "The Fluid Jurisprudence of Israel's Emergency Powers.”