+
EDITOR’S QUESTION
JOHN MCLOUGHLIN, MD,
J2 SOFTWARE
/////////////////
C
yberthreat intelligence is not
becoming increasingly important.
Cyberthreat intelligence is already
critically important in the battle against
cybercrime. It is just unfortunate that so
many do not make use of service providers
and platforms that provide access to
multiple threat intelligence feeds from
around the world.
In the world of cybercrime, there are
more and more attacks being deployed
on an almost daily basis. The battlefield is
getting wider and the number of attackers
is increasing. Without continually updated
cyberthreat intelligence, traditional defence
systems are obsolete. It is great if your
defence is playing one on one; this is easy
to defend. However, this does not work
as well when your defence is now lining
up against the leading offence from 10
different conferences.
Cyberthreat intelligence needs to be
incorporated into the layered defence
strategy and automatically applied to
existing and changing defensive patterns.
The days of static defence and waiting
for an infiltration must be gone. We must
ensure that we have a proactive defence,
responding to anomalies as they occur and
patching holes automatically. Reliable and
authenticated cyberthreat intelligence does
this for you.
Building this evolving threat information into
your security platform allows you to stay
abreast of new threats and challenges using
automation without human intervention.
Even the best of us will be awake for only
16–18 hours a day and must use this time
for defence, life and family. Without using
cyberthreat intelligence, combined with
automation and ongoing monitoring, you
will end up constantly chasing your attackers
across the widening cyber battlefield,
www.intelligentcio.com
running from side to side without making
any forward progress.
We are in a hyper connected world and
things which take place on one side of
the planet are easily replicated on the
other side in a matter of minutes. This
hyper connectivity allows cyberattacks to
replicate themselves rapidly to hundreds of
thousands of machines in different countries
on multiple continents. Applying this same
pattern, we can use verifiable and reputable
cyberthreat intelligence feeds to share
information and specifics on attacks around
the world in the same period.
If we see a cyberattack surface in London,
it is identified and correlated; updates are
made to the cyberthreat intelligence feeds
and within minutes defence platforms in
hundreds of countries are automatically
alerted and armed to the attack. Behaviour
patterns are understood and when that
attack tries its luck somewhere else, like in
Johannesburg, our defence is already in
place, killing the attack in its tracks.
The sharing of cyberthreat intelligence is
a crucial part of staying up-to-date with
evolving threats and making sure we keep
our collective defence well placed in front
of the growing number of attackers. Single
layer and traditional methods of securing
environments are gone, so visibility tied into
cyberthreat intelligence feeds goes a long
way in knowing how to keep safe.
INTELLIGENTCIO
29