By Denny LeCompte, CEO, Portnox
Today, organizations are confronted with a deluge of cyber threats, ranging from sophisticated AI-powered ransomware to tried and true brute force attacks. At this point, IT security teams know it’s essential to stay one step ahead of cybercriminals, but numerous barriers hinder such events and prevent effective threat intelligence that would otherwise enable them to do this. As one might expect, some roadblocks are operational, some technical, and some human.
Prioritization of vulnerabilities, investment in security training and tools, and a general re- evaluation of threat hunting tactics and strategies may seem like obvious steps towards improvement, but these initiatives can often feel herculean. Fortunately, there is a clear path forward thanks in part to the advent of cloud-native security tools, artificial intelligence, machine learning, and the mistakes made by others.
The Murky Waters of Threat Intelligence
One of the most pervasive challenges confronting organizations in their quest for effective threat
intelligence is the sheer volume of data generated across a wide array of security tools. The relentless proliferation of information makes it increasingly difficult to separate the signal from the noise. Inundated with a barrage of alerts and indicators of compromise, security teams often find themselves overwhelmed and unable to discern genuine threats from false positives. This information overload not only wastes valuable time but also diverts resources away from addressing the most critical risks.
While information overload is perhaps the most apparent challenge when it comes to strengthening threat intelligence programs, there are several other key reasons why more organizations do not (or cannot) invest more time and energy in this area:
- There is an overall lack of contextualization of information at hand. Raw data, without proper context, can be meaningless and may not provide actionable insights. If you can’t tie A to B to C, who cares? This mindset tends to silo security operations which perpetuates the lack of context problem.
- The shortage of skilled personnel is yet another obstacle in the path of effective threat intelligence. The cybersecurity talent gap is well documented and is driven largely by increased systems and architecture complexity, a growing demand for talent, budget constraints, and burnout. When combined, these factors have made it very difficult for organizations to recruit and retain skilled IT security professionals.
- Interoperability issues within organizations existing security infrastructure constitute a significant hindrance to threat intelligence implementation. Many organizations operate a patchwork of security tools and systems that do not communicate seamlessly. This siloed approach impedes the flow of information and hinders timely threat detection and response.
- The ever-evolving nature of cyber threats presents perhaps the most unpredictable challenge. Cybercriminals are continually developing new tactics, techniques, and procedures to evade detection, making it extremely difficult for IT security teams to identify and then act on threats.
Just one of these roadblocks is enough to deter organizations from investing more time and
energy into developing threat profiles, deterrence tactics, and even remediation plans. The path
forward requires a certain degree of introspection. The willingness to look critically at operational shortcomings and prioritize areas of improvement that can contribute to better threat intelligence can pay off down the line, even if it means having to acknowledge some uncomfortable truths first.
Is it Time to Re-evaluate Your Threat Hunting Program?
For most organizations, the answer to this question is most certainly yes. Tackling the above challenges head-on is daunting, but achievable. Below, there are several factors to consider across each pain point:
- It starts with contextualizing threat data and determining an organization’s unique risk profile, business objectives, and industry-specific threats. For a bank, for example, this would mean identifying its most critical assets, such as customer data, company financials, any transaction systems, and even payment processing infrastructure. The bank would then want to create threat profiles based on what the most common types of attacks are against similar institutions, focusing on the various end goals these attackers have. Is it purely for financial gain? Is it state-sponsored? Is the attack coming from the inside? Tailoring threat intelligence to specific needs allows organizations to focus on the most relevant threats and allocate resources effectively.
- Addressing the skills gap requires time and money. There’s really no way to avoid this. To address the skills shortage, businesses should develop training and development programs to upskill their existing workforce and promote a culture of continuous learning. Additionally, partnering with third-party managed security service providers can help augment in-house expertise and provide access to a broader pool of talent. While the time horizon on these initiatives may seem long or expensive, it’s important to remember that the average cost of a ransomware attack is in the millions of dollars.
- Look to the cloud to solve interoperability issues. To overcome legacy system and hardware interoperability issues, organizations should look to the cloud. Specifically, companies should adopt cloud-native security solutions that can be easily integrated with one another, allowing for seamless data sharing and orchestration. This is a critical step towards not only contextualizing security posture data, but also being able to define and enforce policies that proactively mitigate and eliminate threats. In recent years, core security technologies like network access control (NAC), security information and event management (SIEM), endpoint detection and response (EDR), and others have moved from on-premises to the cloud.
- Keeping up with new threats requires agility and adaptability across an organization’s security posture. Regular threat intelligence updates, threat huntingexercises, and red teaming engagements can help organizations proactively identify vulnerabilities and improve their defensive capabilities. It’s important to note that without filling the skills gap and focusing on continuous learning across the security team, and by not investing in new cloud-native technologies, companies will continue to struggle to get the context they need to address threats, let alone be able to keep up with new ones.
Don’t Wait to Infuse Threat Intelligence with AI & ML
Everything covered above still requires some degree of human interference. That’s changing. Humans are fallible, perhaps more than we’d like to admit. Even with automation, we have a tendency to overlook, miss, or even ignore things. This is true in the cyber security function, but there’s been a realization: the stakes are too high.
Artificial intelligence and machine learning are already being used today to enhance threat detection, response, and overall cybersecurity efforts. With the ability to analyze large volumes of network and system data, AI and ML are being leveraged to establish baselines for normal user behavior, making it easier to pinpoint the anomalies when they occur. By recognizing attack patterns, AI and ML are enabling organizations to improve the accuracy of their intrusion detection systems and prevent threats from advancing.
As these technologies become more sophisticated through deep learning, neural networks, and other techniques, more and more tactics and approaches to threat intelligence, hunting, and prevention will emerge. Today, by leveraging these emerging technologies to unleash predictive and adaptive threat capabilities, companies can finally gain the upper hand against cybercriminals and establish effective threat intelligence programs. One question remains: will they commit to doing it?
About the Author
Denny LeCompete is the CEO of Portnox. He is responsible for overseeing the day-to-day operations and strategic direction of the company. Denny brings over 20 years of experience in IT infrastructure and cyber security. Prior to joining Portnox, Denny held executive leadership roles at leading IT management and security firms, including SolarWinds and AlienVault. Denny holds a Ph.D. in cognitive psychology from Rice University.
Denny can be reached online at firstname.lastname@example.org and at our company website https://www.portnox.com/.