What is Threat Intelligence?
Threat intelligence is more than just threat indicators or data points without context – it is actionable information that can guide security strategy and alert organisations to ongoing and emerging threats. The right data combined with expert analysis provides predictive information about the adversary, such as how they will gain access, pivot within the compromised network and exfiltrate data.
Secureworks Threat Intelligence service provides the intelligence on WHO is creating the malicious activity and HOW the malicious activity is attacking the client’s environment. But more importantly, Secureworks Threat Intelligence can provide guidance on WHAT has happened in the client environment and the actionable next steps the clients can take to remediate the threat.
Building Stronger Defences Takes Actionable Intelligence
Knowledge is power - not just in business, but also in the world of cybersecurity, where the ability to see and know more about the activities of threat actors empowers security professionals to do more about the dangers and risks organisations face.
Making that knowledge usable and consumable however is challenging, and requires a dedicated team with deep visibility into the cyber underground.
At Secureworks, we harness the power of our global network of clients to enhance our visibility into the threat landscape and provide additional context around threats to your IT environments regardless of country or industry – making our Threat Intelligence Services truly intelligent, and enabling clients to see more, know more, and do more to respond to threats quickly and effectively.
The 2017 Ransomware Defence Survey Report is to provide a picture on the true impact of ransomware on organisations across industries. This report not only includes the full survey results, but also expert analysis of how to put this information to use to improve your organisation’s ransomware defences.
The survey uncovers some stark contrasts, such as:
- Seventy-six percent of security leaders believe that ransomware represents a significant business threat to their organisation versus five percent who said it is an over-hyped news story.
- Only twenty one percent of security leaders are extremely confident in the capability of their organisation's defences to detect malware on endpoint devices before it spreads from workstations and infects critical files via file-share.
For several years, Secureworks has offered the attacker database service, which is a set of threat data feeds and APIs that allows our clients to directly consume our threat indicators intelligence. In this video, Ben Feinstein, Director of Operations & Development of our Counter Threat Unit , outlines how we quantify and measure the value of threat intelligence as he demonstrates advanced countermeasures via an actual client scenario.
More Discussion from the Video
- How to understand the value and application of the Secureworks Threat Intelligence Service
- How to protect and enhance your investment in existing product platforms
- Learn more about how Secureworks threat intelligence works in conjunction with complementary vendors
Good threat intelligence is more than just producing a hash/IP address/domain. The right data combined with expert analysis provides predictive information about the adversary, such as how they will gain access, pivot within the compromised network and exfiltrate data. Without context rich data and analysis, security practitioners cannot effectively defend against both internal and external threats.
There is a lot to be gained from open source intelligence analysis, including free threat intelligence feeds, but the cost to extract that value is not insignificant and relies on gaining an understanding of what the data represents, how it is collected, when it was collected and perhaps crucially, what is missing.
At the end of the day, there is no substitute for intelligence that has been produced by trusted and experienced analysts, assessed for its true impact and applied with urgency and context.