As IT infrastructures and our relationship with computing devices evolve, so does our threat profile.
In his upcoming presentation ‘Partly Cloudy with a Chance of Mobile’ at Enterprise Security and Risk Management, CTU senior security researcher Aaron Shelmire will explore emerging areas where intrusions are occurring and specific threats that SecureWorks Counter Threat Researchers have identified, as well as those areas where activity is declining.
He’ll be covering observed activity in:
- Mobile platforms
- Cloud infrastructure
- Traditional enterprise system exploitation
However, let’s take a step back and start here with some scene setting about the overall value of threat research and intelligence. Threat intelligence is all about improving your understanding of the likelihood that your organisation will be breached. Without that understanding, how can you know where to focus your detection and incident response activities? It’s true what they say: knowledge is power.
Today’s cybercriminals are less predictable, more persistent, more resourceful, better funded and better organised than ever before. They are diverse too, with attacks happening daily from threat actors ranging from crime syndicates to teen script kiddies to nation-state-funded attack groups.
Attacks can be commodity-based, high-volume and opportunistic, aimed at everyone using a scattergun approach to hit as many targets as possible. Ransomware often falls into this category, as do banking trojans. On the other hand, targeted attacks focus on a specific organisation or network, employing multiple methods such as zero-day attacks and advanced persistent threats to gain a foothold with a specific outcome in mind. Goals may include intellectual property theft, financial loss, the compromise of client information, public embarrassment and, ultimately, damage to the health and longevity of your organisation.
Even if an organisation resists one attack, the threat actors often quickly shift to use new tools, tactics and procedures (TTP), perhaps faster than your security team can respond. This makes detecting sophisticated attacks more difficult. But with access to the latest threat intelligence and analysis, it becomes possible for you to know what is happening now, how it’s happening, who’s behind it and what they may want from your organisation. Understanding the intent is especially important because it helps you know where to focus your defence.
Time and visibility are critical components of defending against cyberattacks: specifically, how long it takes to detect and respond to a threat. Speed of detection can make all the difference to your organisation by reducing potential business disruption, protecting brand reputation and reducing remediation costs. We hope this shows that looking at the threat landscape beyond your perimeter is an undeniably sensible choice. However, it’s not just hard to do on your own; it’s exponentially less valuable too. When it comes to threat intelligence, together really is stronger.
SecureWorks threat intelligence is based on rigorously gathered data and research from the world’s smartest cybersecurity network – more than 4,400 organisations in 60+ countries, backed by an elite corps of SecureWorks researchers and analysts in our Counter Threat Unit™, and supported by the industry-leading SecureWorks Counter Threat Platform™.
By aggregating and analysing data from these multiple sources we amplify the power and reduce the complexity of our clients’ cybersecurity investment, offering exponential visibility into the threat landscape to keep them safe in a digitally connected world. The SecureWorks Counter Threat Platform was created and is continually enhanced by our leading team of analysts, researchers and engineers. This combination of human and machine intelligence makes us uniquely able to protect clients from current threats, alert them to threats on the horizon, and empower fast, effective action.
Our clients are part of a growing global network of organisations who together form the strongest, most proactive defence anywhere. These organisations understand that harnessing our global cybersecurity network, with its data-powered visibility, is the surest way to protect their most valuable asset – their customers’ trust – so they can overcome the risks of a digitally connected world to tap into its unprecedented opportunities for their business.