What Is Security Intelligence?

Cyber threats come in many forms. Some are cybercriminals who attack your network at the firewall. Others are threat actors operating on the open and dark web who come at you through your employees and your business partners. Some devastate your brand through social media and external websites without ever touching your network. Malicious or merely careless insiders may also wreak havoc with your data and your reputation. By the time you see indicators of these threats on your network, it is probably too late. To prevent damage, you need advance warning of threats, accompanied by actionable facts, in order to:

  1. Eliminate your most serious vulnerabilities before they are exploited
  2. Detect probes and attacks at the earliest possible moment and respond effectively right away
  3. Understand the tactics, techniques, and procedures (TTPs) of likely attackers and put effective defenses in place
  4. Identify and correct your business partners’ security weaknesses — especially those that have access to your network
  5. Detect data leaks and impersonations of your corporate brand
  6. Make wise investments in security to maximize return and minimize risk

More than data or information

Data consists of discrete facts and statistics gathered as the basis for further analysis.

Information is comprised of multiple data points that are combined to answer specific questions.

Intelligence is the output of any analysis of data and information that uncovers patterns and provides vital context to inform decision-making.

For security intelligence:

  1. Data is usually just indicators such as IP addresses, URLs, or hashes. Data doesn’t tell us much without analysis.
  2. Information answers questions like, “How many times has my organization been mentioned on social media this month?” Although this is a far more useful output than the raw data, it still doesn’t directly inform a specific action.
  3. Intelligence is factual insight based on analysis that correlates data and information from across different sources to uncover patterns and add insights. It enables people and systems to make informed decisions and take effective action to prevent breaches, remediate vulnerabilities, improve the organization’s security posture, and reduce risk.

Implicit in this definition of “intelligence” is the idea that every instance of security intelligence is actionable for a specific audience. That is, intelligence must do two things:

  1. Point toward specific decisions or actions
  2. Be tailored for easy use by a specific person, group, or system that will use it to make a decision or take an action
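The data, information and intelligence distinction above can be shown on a small scale. The following is an added example, not part of the original article: it takes raw indicators (data), counts how often they appear in a firewall log (information), and correlates both with asset context to produce a prioritized action for a named audience (intelligence). The feed contents, log format, asset inventory, team names and scoring weights are all constructed assumptions.

```python
from collections import Counter

# Constructed sample inputs; all names, addresses and weights are illustrative assumptions.
INDICATORS = {  # data: raw indicators from a hypothetical external feed
    "203.0.113.7": "c2",
    "198.51.100.23": "scanner",
}
FIREWALL_LOG = [  # (internal host, remote IP, firewall action)
    ("hr-laptop-12", "203.0.113.7", "allow"),
    ("hr-laptop-12", "203.0.113.7", "allow"),
    ("web-01", "198.51.100.23", "deny"),
    ("db-01", "192.0.2.10", "allow"),
    ("db-01", "203.0.113.7", "allow"),
]
ASSETS = {  # internal context: business criticality (1-5) and owning team
    "hr-laptop-12": {"criticality": 2, "owner": "it-helpdesk"},
    "web-01": {"criticality": 3, "owner": "platform"},
    "db-01": {"criticality": 5, "owner": "dba-oncall"},
}

def information(log, indicators):
    """Information: answers 'how often was each known indicator seen?'"""
    return Counter(ip for _, ip, _ in log if ip in indicators)

def intelligence(log, indicators, assets):
    """Intelligence: correlate feed, log and asset context into prioritized actions."""
    findings = {}
    for host, ip, action in log:
        if ip not in indicators:
            continue
        f = findings.setdefault((host, ip), {"host": host, "indicator": ip,
                                "threat": indicators[ip], "hits": 0, "allowed": False})
        f["hits"] += 1
        f["allowed"] |= action == "allow"
    for f in findings.values():
        asset = assets[f["host"]]
        # Allowed traffic to a C2 address outweighs a scan the firewall already denied.
        urgent = f["allowed"] and f["threat"] == "c2"
        f["priority"] = asset["criticality"] * (3 if urgent else 1)
        f["audience"] = asset["owner"]  # tailored to whoever must act on it
        f["action"] = "isolate host and investigate" if urgent else "no action; control held"
    return sorted(findings.values(), key=lambda f: f["priority"], reverse=True)

if __name__ == "__main__":
    print(information(FIREWALL_LOG, INDICATORS))
    for f in intelligence(FIREWALL_LOG, INDICATORS, ASSETS):
        print(f["priority"], f["audience"], f["host"], f["indicator"], f["action"])
```

The single connection from `db-01` ranks above the two from `hr-laptop-12`: the hit count alone does not say where to act first, while the correlated finding does.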
