During the recent Gartner Security & Risk Management Summit, I presented a session on how organisations can increase their cyber resilience using advanced threat intelligence. In this blog post, I wanted to explain what I mean by the term ‘cyber resilience’.
Generally speaking, it is the capacity to recover quickly from difficulties. It doesn’t mean a company is going to be breached, which seems to be how most presentations or comments start these days. Resilience is also the ability to resist attacks and form defences ahead of an attack.
This is where intelligence plays a key part in enabling organisations to understand the cyber threats that face them specifically. It requires acquiring and applying knowledge that can put risks in the context of industry, type, country etc – and understanding who is likely to attack us along with the tools and exploits they are likely to deploy (and potentially when and where they will attack).
As described before, threat intelligence is different from threat information. It requires extensive data collection and analysis by human analysts to identify a specific threat to a specific target. This is where advanced machine learning comes in. We have spent considerable R&D time training the machine to make our people more efficient and removing the haystack from the needles.
Our R&D teams use machine learning to leverage the vast amounts of data collated from our Global Threat Intelligence Platform. It’s an open platform that gathers data from NTT’s global backbone, threat sensors, open source intelligence, technology partners, proprietary search engines, MSS SOC infrastructure and network analysis. This platform, for example, allows us to analyse millions of malware samples using advanced malware detection techniques. From this combination of malware analysis and machine learning, we can create custom signatures that enable an organisation to increase its cyber resilience through advanced threat intelligence. To summarise:
- Intelligence without context is just data noise.
- Data without advanced analytics and machine learning is just a giant haystack.
- Resilience without business transformation is old world security.
- Intelligence has to enable informed business decisions to be made.
- Decisions can only be made once you have a full life cycle security model.