Critical questions a threat intelligence service should be able to answer

How could you pick and assess which provider is better than the other? Let’s go through some vital questions they should be able to answer for you and your security team.

By Yeo Siang Tiong
General Manager for Southeast Asia, Kaspersky

The new decade opened with the commercialization of 5G networks, further implementations of Artificial Intelligence, and the increased use of data analytics.

Aside from these revolutionary breakthroughs, there is one underlying trend that we should not miss — the heightened importance of intelligence in this digital age. In Southeast Asia alone, researchers at Kaspersky have monitored increased activity by major Advanced Persistent Threat (APT) groups waging sophisticated cyberespionage against government-related organizations and other entities.

These malicious actors are upping their game with new attack tools to siphon information from governments, military entities, and organizations. What are they aiming to get their hands on? Confidential intelligence.

Interestingly, another kind of intelligence can help nations and even enterprises keep their secret data safe: threat intelligence. This technology can help an organization understand the threats that have targeted, are currently targeting, or will target its networks. It should also serve as the foundation of an organization’s cybersecurity strategy.

I am well aware that there are dozens and dozens of companies now offering this service. How could you pick and assess which provider is better than the other? Let’s go through some vital questions they should be able to answer for you and your security team.


1. How suspicious is this file? In what aspects?

Let’s be honest, there are two realities in the IT security environment of any organization — understaffing and an overflow of detections and false positives. With most IT departments understaffed these days, is your team ready to deal with the overwhelming assault of threat data coming your way?

The reality is, not every file is malicious or requires special attention; some are easily dealt with by your basic anti-virus software. A proper threat intelligence feed should be able to filter out false positives and allow you to focus on the threats that really matter.

It is important to draw the line here. Endpoint security does detect, but it only classifies a file with a basic Clean/Dangerous verdict. That’s it. The analytic tools that should be part of a threat intelligence system should be able to provide you with detailed information on how suspicious and malicious a file, a hash, an IP address, or even a URL is.

Such information includes the object’s behavior, the exploit techniques involved, how rare the detected malware is, and what tools cybercriminals used to create it. If you use a tailored threat intelligence report, it should also provide the malware’s history, who its makers are, its usual targets, and more.

2. Who is conducting the attack? Is it a trend I should be worried about?

See, a threat intelligence service should be based on a solid database of threats combined with expert analysis. It should not be a mashed-up combination of reports passed from one company to another.


Why are a comprehensive database and technical insights important? They are the foundations of good threat intelligence. With real-time data from all over the globe and threat monitoring through machine learning, analyzed by human experts, you will be able to get better context about a piece of malware.

Your threat intelligence service provider should be able to give you a malware’s full résumé, including its malware family, indicators of compromise, historical statistics, and even its alleged “parents”. This is the point where a simple malicious file, hash, URL, or IP address may be linked to an APT attack, and it is worth underlining that an in-depth APT report should be part of your threat intelligence service. This report should also include the target sectors, possible attributions, and motivations.

With the report giving context to a simple detection, you will know how to respond and even how to beef up your existing security environment.

3. What actions should I take? What security changes should I make?

Now, the million-dollar question for anyone evaluating a threat intelligence service: Can you predict the future? Believe it or not, a good threat intelligence service can actually provide you with an answer that might come across as mere fantasy to most people.

As part of your cybersecurity toolkit, a good threat intelligence service should be able to offer you tailored intelligence reporting. Such a report would ideally paint a comprehensive picture of your current attack status and the vulnerable spots ripe for exploitation, and reveal evidence of past, present and planned attacks. Correlating previous threats, present detections, and possible future attacks is essential to knowing how you should adapt your IT security posture. Remember that threat intelligence should always be actionable.

With such unique insights, your organization will be empowered to shore up its cybersecurity defenses and ward off attacks heading your way. With this data you will be able to get a better grasp on how to handle threats and how to move forward. Without it, your staff may end up chasing their own tails.


These questions represent just the tip of the iceberg but should form the basis of your threat intelligence assessments.

Each organization is unique in terms of infrastructure and policies. One thing is for sure: no sophisticated cybercriminal can outsmart a security defense with a fully functioning system armed with the real-time brain juice of threat intelligence.
