Intelligent CISO Issue 02 | Page 28


editor's question

MAZEN DOHAJI, REGIONAL DIRECTOR ME, TURKEY AND AFRICA, LOGRHYTHM

In short, yes. Cyberthreat intelligence (CTI) is becoming essential in your battle against cybercrime and, more generally, in protecting your vital data assets. Good CTI hinges on the real-time availability of knowledge – evidence-based knowledge including context, mechanisms, indicators, implications and actionable advice – about existing or emerging threats to vital assets.
Today's cyberthreats are advancing in both methodology and frequency. To keep pace with evolving cyberattacks, you need to make use of all the information and intelligence available. Threat intelligence can help you stay one step ahead of cyberthreats by providing you with rich, external context.
Integrating threat intelligence into your SIEM can help increase overall network visibility, keep you up to date on potential risks within your environment and enable you to rapidly detect and respond to cyberthreats.
Threat intelligence combines internal intelligence gathered by your SIEM with available, external intelligence to help you understand the nature of a threat. The primary benefits of adding threat intelligence to SIEM are:
• Increased visibility: obtain a greater understanding of threats for faster detection
• Improved context: combine internal intelligence with external threat intelligence to make it actionable
• Enhanced productivity: enable a proactive defence, rather than a reactive posture
Just as machine data intelligence (MDI) fabric uniquely empowers the LogRhythm platform with contextualised data primed for analytics, value-added threat intelligence must be powered by diverse, quality inputs.
Some of these inputs may be publicly available, open-source feeds that could be free from sources such as DHS, ISACs or ISAOs. Additional input sources can be found in proprietary access to global private networks, endpoints or enterprise implementations.


Interestingly, many commercial threat intel providers resell other threat intelligence feeds, so that the provider itself becomes a trusted indicator of industry-validated or peer-validated quality.
Ultimately, security practitioners want threat intelligence that will be complementary to everything else in their security stack, whether that be endpoint protection, cloud security or NextGen SIEM.
When choosing a threat intelligence provider, consider the triple-A triad: accuracy, availability and actionability.
You don't want external intelligence that's going to spawn a bunch of false positives. You want accurate, timely threat intelligence that's published rapidly. You need intelligence that is highly available and can be accessed as needed. Finally, you don't want to have troves of structured and/or unstructured data without meaning; it needs to be actionable.
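As an added illustration of the SIEM-plus-feed matching and the accuracy and actionability points above (example code written for this page, not LogRhythm's platform, its Threat Intelligence Services or any real feed format), the script below indexes a small threat-intelligence feed, drops indicators that fail a confidence threshold or are older than a freshness window, and then enriches matching firewall/proxy events with the feed's context. The feed fields, the key=value log format and all sample data are constructed assumptions for the example.

```python
"""Match SIEM-style log events against a threat-intelligence feed.

Added example for illustration only: generic code, not LogRhythm's product.
Feed schema, log format and all sample data below are constructed.
"""
from datetime import datetime, timedelta, timezone
import re

# Constructed feed entries: indicator, type, source, confidence (0-100),
# last_seen timestamp and human-readable context. Real feeds (STIX/TAXII,
# CSV, JSON) carry comparable fields under different names.
THREAT_FEED = [
    {"indicator": "203.0.113.45", "type": "ipv4", "source": "isac-feed",
     "confidence": 90, "last_seen": "2018-06-01T00:00:00Z",
     "context": "C2 node for a banking trojan campaign"},
    {"indicator": "198.51.100.7", "type": "ipv4", "source": "open-feed",
     "confidence": 30, "last_seen": "2018-06-02T00:00:00Z",
     "context": "Internet-wide scanner, low confidence"},
    {"indicator": "192.0.2.10", "type": "ipv4", "source": "open-feed",
     "confidence": 95, "last_seen": "2017-01-01T00:00:00Z",
     "context": "Stale entry: no sightings for over a year"},
    {"indicator": "bad.example", "type": "domain", "source": "isac-feed",
     "confidence": 85, "last_seen": "2018-06-03T00:00:00Z",
     "context": "Phishing landing page"},
]

# Constructed firewall/proxy log lines in a simple key=value format.
SAMPLE_LOGS = """\
ts=2018-06-04T10:01:02Z src=10.0.0.5 dst=203.0.113.45 dport=443 action=allow
ts=2018-06-04T10:01:05Z src=10.0.0.7 dst=198.51.100.7 dport=22 action=deny
ts=2018-06-04T10:02:00Z src=10.0.0.9 dst=192.0.2.10 dport=80 action=allow
ts=2018-06-04T10:03:11Z src=10.0.0.5 host=bad.example dport=80 action=allow
ts=2018-06-04T10:04:00Z src=10.0.0.8 dst=93.184.216.34 dport=443 action=allow
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_log_line(line):
    """Parse one key=value log line into a dict."""
    return dict(KV_RE.findall(line))


def parse_ts(text):
    """Parse an ISO-8601 UTC timestamp of the form used in the sample data."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def build_index(feed, min_confidence, now, max_age):
    """Index only indicators that pass the confidence and freshness checks.

    Filtering at load time is what keeps a feed from spawning false
    positives: low-confidence and stale indicators never reach matching.
    """
    index = {}
    for entry in feed:
        if entry["confidence"] < min_confidence:
            continue
        if now - parse_ts(entry["last_seen"]) > max_age:
            continue
        index[entry["indicator"]] = entry
    return index


def match_events(log_text, index):
    """Return enriched alerts for events whose dst or host is in the index.

    The alert carries the internal fields (who, when, was it allowed) and the
    external context (type, source, confidence, description), which is what
    makes the hit actionable for an analyst.
    """
    alerts = []
    for line in log_text.splitlines():
        ev = parse_log_line(line)
        for field in ("dst", "host"):
            value = ev.get(field)
            if value in index:
                intel = index[value]
                alerts.append({
                    "ts": ev["ts"],
                    "src": ev["src"],
                    "indicator": value,
                    "type": intel["type"],
                    "source": intel["source"],
                    "confidence": intel["confidence"],
                    "context": intel["context"],
                    "action": ev.get("action"),
                })
    return alerts


def run(now=None, min_confidence=70, max_age_days=90):
    """Build the filtered index and match the sample logs against it."""
    now = now or datetime(2018, 6, 4, tzinfo=timezone.utc)
    index = build_index(THREAT_FEED, min_confidence, now, timedelta(days=max_age_days))
    return match_events(SAMPLE_LOGS, index)


if __name__ == "__main__":
    for alert in run():
        print(f"{alert['ts']} {alert['src']} -> {alert['indicator']} "
              f"[{alert['source']}, confidence {alert['confidence']}] "
              f"{alert['context']} (action={alert['action']})")
```

With the defaults (confidence 70 or higher, seen within 90 days), only the C2 address and the phishing domain produce alerts; the low-confidence scanner and the year-old entry are dropped before matching. Lowering `min_confidence` or widening `max_age_days` brings them back, which is a quick way to see how much noise a feed's tail contributes.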
Security analysts and vendors generally agree that threat intelligence and SIEM are a strong match. Explore our Threat Intelligence Services (TIS) a bit deeper to understand the platform enhancements made possible through this integration.
28 Issue 02 | www.intelligentciso.com