Real-Time Endpoint Threat Detection and Response

Intelligence-driven Information Security is Key to Combating APTs, Says Report

Posted by Nate Buell    Feb 2, 2012 7:41:00 AM

The future of battling advanced persistent threats will rely heavily on intelligence-driven information security, according to a new report from the Security of Business Innovation Council (SBIC), sponsored by RSA. 

The 16-person council, composed of Global 1000 executives, concluded that most organizations today do not have enough information about advanced threats – and that a new line of defense against attacks on their networks and sensitive data is absolutely critical.

Council member William Boni, vice president and CISO at T-Mobile USA, may have said it best when he remarked, “Networks are no longer safe if a company takes the egg-shell approach of simply using perimeter-centric hardware devices, anti-virus and anti-malware software and other approaches to keep intruders out.” He went on to say that the fortressed approach of the past is no longer enough, quoting Frederick II (one of the most powerful Roman Emperors of the Middle Ages) who said, “He who tries to defend everything defends nothing.”

It’s no secret that enterprise organizations face increasingly targeted, complex attacks that can be carried out over long periods of time. But according to the report, the hard truth is that “most organizations don’t know enough about the threats or their own security posture to defend themselves adequately.” Motivated, agile attackers have the means to evade commonly used defenses – so more than ever, greater “situational awareness is essential to effectively detecting and mitigating cyber attacks.” And in order to achieve enhanced situational awareness of their business environments, organizations must find and implement ways to monitor, gather, analyze and act on real-time intelligence.

The council outlines several steps for intelligence-driven security – defined as “real-time knowledge on threats and the organization’s posture against those threats in order to prevent, detect and/or predict attacks, make risk decisions, optimize defensive strategies and enable action.”

First, building out an intelligent network – a collection of reliable cyber security data from government, industry, commercial and internal sources – is critical to better understanding risks. It’s also essential, the council says, to perform ongoing research on potential cyber attackers, to gain insights into their motivation and preferred techniques. Also, IT teams must grow and hone new skills focused on the production of intelligence. And finally, full visibility must be achieved into actual conditions within IT environments, including insight that can identify normal versus abnormal system and end-user behavior.

The full report outlines a six-step roadmap for achieving intelligence-driven information security. For more details, visit here.
