Intelligence-Led Security And The Modern Tech Stack

Using open source and publicly available information as intelligence is extremely useful for making responsible and proactive risk management decisions. 

In 2016, an eternity in the information security space, two chief information security officers spoke on a topic at the RSA Conference in San Francisco that has kept many a CISO awake at night: how best to build an integrated corporate security technology stack.

The pair were from vastly different organizations – one provided healthcare-based software solutions that connected payers, providers, and patients in the U.S. healthcare system, while the other was a Manhattan-based multinational financial services firm – but the challenges each faced were identical.

Some of the key takeaways were as follows: Define what you are trying to protect and measure, obtain appropriate buy-in from senior executives, and install the right tools and services that fit your culture.

That sage advice is still relevant. What’s becoming more apparent is that in order to define what needs protecting and stay ahead of modern threats, a strong security technology stack needs to be intelligence-led.

What is Intelligence-Led Security?

Intelligence-led security is the practice of gathering and analyzing data to prevent attacks and mitigate risks, as well as discovering information breaches or leaks that may already be in place.  

Better intelligence is the only way to stop the creativity of modern cybercriminals and the schemes that they produce. As proof, one needs to look no further than the Symantec Internet Security Threat Report, Volume 24, released in 2019. The report is an annual exercise in which the company shares, “the latest insights into global threat activity, cyber criminal trends, and attacker motivations.”

Example: Formjacking

The report notes that while ransomware and cryptojacking were go-to moneymakers for cybercriminals, 2018 brought diminishing returns, resulting in lower activity.

“Like flies to honey, miscreants swarm to the latest exploits that promise quick bucks with minimal effect,” the authors of the report stated. “Ransomware and cryptojacking had their day; now it’s formjacking’s turn.”

Formjacking attacks are simple and lucrative: cybercriminals load malicious code onto retailers’ websites to steal shoppers’ credit card details, with 4,800+ unique websites compromised on average every month.

The report explains how both well-known and small-medium businesses were attacked, conservatively yielding tens of millions of dollars to bad actors last year.

Minimize Damage

It is the job of security technology tools to prevent an attack or minimize damage if hit, but as Craig McDonald, the CEO of Australian-based MailGuard, a cloud web, and email security service noted earlier this year, choosing the right one can be difficult.

“As a business owner myself, I understand the frustration,” McDonald wrote in a blog posted on the company’s website. “The constantly evolving complexity of cyber-attacks, combined with the wide range of sophisticated technology solutions out there can sometimes be daunting.”

A Risk Management Framework

Developing a cybersecurity risk management framework is key, McDonald adds, both in terms of software and hardware purchases and the evaluation of new tools that can reside within the security stack.

An example of the latter is open-source intelligence (OSINT) tools that may not have been part of the discussion three years ago, but certainly are today, as intelligence-led security is becoming more present.

According to a report released in March by Homeland Security Research Corp., OSINT is becoming a necessity and the market is growing.

The market, it states, is being boosted by several drivers, including:

• Increased use of social networks and the rise of user-generated content, including video sharing, groups, and forums, which expand the amount of content available for intelligence experts to gather and analyze.
• The rapid advances in big data, data analytics, and artificial intelligence that are facilitating the conversion of millions of scattered data into manageable databases.
• The growth of OSINT training courses around the world, which has boosted the number of potential users of advanced systems.

Open source intelligence for security

OSINT is one of the fastest-growing verticals. Hackers are interacting on the deep and dark web and managing operations and assaults in web forums and groups. Monitoring these spaces can provide valuable information about planned attacks.

Open source and publicly available information are extremely useful for making responsible and proactive risk management decisions. Best practices involve gathering this intel and combining it with other data points to provide context to the situation. The most effective teams compile the gathered data and use it to guide and inform an appropriate security response, rather than reacting to a single data point and triggering an unnecessary reaction.

There is a massive uptick in the use of intelligence-led security and risk management operations around the globe, as modern security teams are evolving their approach based on today’s threat landscape.