Threat Intelligence Brings Dynamic Decisions To Risk Management

Published : 22/11/2024   Category : security




As enterprises bring threat intelligence feeds into risk management equations, they could gain a greater fluidity in risk-based decision-making



If risk management is governed by the age-old risk equation -- Risk = Threat x Vulnerability x Asset Value -- then it would follow that the accuracy of each of those attendant variables can make or break an enterprise's IT risk management practice. The security industry has done a lot to hone in on metrics that delineate the latter two: CVSS scoring and countless studies measuring the cost of breaches around specific IT assets have helped risk managers better get their arms around that particular part of the equation. The real sticking point has always been the problem of measuring and tracking the threats.
The threat landscape is so mercurial and threats so dependent on dozens of their own variables that finding a way to measure the probability of a threat hitting its mark can seem a bit of a crapshoot. But that's changing as risk management experts start to depend on the burgeoning market of threat intelligence services to deliver enough real-time information about threats in the wild to make more dynamic risk calculations that allow for the kind of fluid decision-making that can more accurately be described as risk-based security rather than guess-based security.
"The way we look at it today, it's an important piece of security data," says J.B. O'Kane, principal consultant for risk management vendor Vigilant, of threat probability. "A lot of vendors are providing threat intelligence feeds, and when we look at the larger space of security data and analytics, it's an important piece of the larger risk management equation."
In years past, only the largest and most mature of enterprises could get a decent lock on the frequency and flavor of the threats knocking at their doors enough to base actionable risk decisions on them. Other organizations simply did not see the volume of cyberthreats or have the resources necessary to analyze those threats to develop usable intelligence around trending attacks. As security companies have built up practices over the past few years to deliver that intelligence, risk managers are just now starting to see how they can leverage these feeds.
"I think organizations great and small can benefit from intelligence feeds, if for no other reason than most organizations don't have the time, energy, or resources to plot and set their own research and intelligence initiatives," says Will Gragido, senior manager of the RSA FirstWatch Advanced Research Intelligence team at RSA NetWitness. "They need to be able to depend on a party or multiple parties to provide the insight into the threat landscape that they themselves don't have."
When organizations do it right, they can base their remediation prioritization of vulnerabilities not just on the vulnerability severity, but how that is tied to or paired with threat frequency and severity, O'Kane says.
"Coming up with a threat-vulnerability pairing can help you hone in on a risk-based approach," O'Kane says. "If the feed is coming in saying you're exposed to these threats, you start to narrow things down and turn the threats and vulnerabilities into pairs so that now they're decision nodes. Now you're getting closer and closer to understanding the true risk that you might be exposed to."
Srinivas Kumar, CTO of TaaSERA, agrees that active intelligence will help drive innovation in IT services, improving early warning and remediation of coordinated and targeted attacks. But it will take equally coordinated efforts to actually integrate threat intelligence into the fabric of today's risk management and security ops practices.
"Threat intelligence is basically the vehicle that helps IT to define all of the security controls to the extent that security controls will accept the threat intelligence," he says. "At the end of the day, there are many security controls they're invested in. They need to have something that's coordinating all of these controls together. Without coordinating, it's going to be difficult to deal with active monitoring."
There are other challenges, as well. For example, some threat feeds are better than others, O'Kane says.
"What's a little different is that it's a little closer to the problem or the problem space [than vulnerability or cost of breach information]. It's near real-time, where the information is a little fresher," he says. "Feeds can vary in their data quality. Some are good feeds, some are bad, some have a lot of error built in. Some have a lot of overlap with other feeds, and so removing that redundancy is always a challenge."
Additionally, finding a way to take the data from the feed and turn it into some sort of metric that can be plugged into the risk formula will take work from both vendors and practitioners, O'Kane says.
He says that his firm and others are trying to improve the accuracy of threat scoring, not only offering a score on the severity of the threat, but also a confidence score on the accuracy of that severity.
"So the severity could be, on a scale of 1 to 10, an 8 severity; however, based on our research, our confidence in that severity score could be 60 percent," he says. "When you have more pieces of information for validation that, yes, this is truly a bad site, in fact we've captured some code from that site, that's where you have a higher degree of confidence in that severity score."
As the industry dives further into leveraging threat intelligence to make risk-based decisions, Kumar believes there may even be calls for more standardized scoring, similar to what NIST and MITRE do with vulnerabilities.
"In the same way, NIST or some entity has to expand beyond what they do today with vulnerabilities out to attacks," he says.
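
The threat-vulnerability pairing and confidence-scored severity described above can be sketched as follows; this is an added example, not code from the article or from any vendor it quotes. The feed entries, findings and `CVE-EXAMPLE-*` identifiers are constructed, and three choices are assumptions made here: severity is discounted by multiplying it with confidence, overlapping feed reports keep the higher-confidence one, and unmatched findings get a low baseline threat.

```python
# Added example: all feed entries, scan findings and IDs are constructed.
FEEDS = {
    "feed_a": [
        {"cve": "CVE-EXAMPLE-0001", "severity": 8, "confidence": 0.60},
        {"cve": "CVE-EXAMPLE-0002", "severity": 5, "confidence": 0.30},
    ],
    "feed_b": [
        {"cve": "CVE-EXAMPLE-0001", "severity": 8, "confidence": 0.85},  # overlaps feed_a
        {"cve": "CVE-EXAMPLE-0003", "severity": 9, "confidence": 0.40},  # no matching finding
    ],
}
FINDINGS = [  # scanner output: CVSS base score 0-10, asset value on a 1-10 scale
    {"asset": "web01", "cve": "CVE-EXAMPLE-0001", "cvss": 6.5, "asset_value": 9},
    {"asset": "db01", "cve": "CVE-EXAMPLE-0002", "cvss": 9.8, "asset_value": 10},
    {"asset": "hr-laptop", "cve": "CVE-EXAMPLE-0004", "cvss": 9.0, "asset_value": 3},
]

def merge_feeds(feeds):
    """Remove feed overlap: one entry per CVE, keeping the report with the
    highest confidence and recording every feed that reported it."""
    merged = {}
    for name, entries in feeds.items():
        for e in entries:
            cur = merged.setdefault(e["cve"], {"severity": e["severity"],
                                               "confidence": e["confidence"],
                                               "sources": []})
            if e["confidence"] > cur["confidence"]:
                cur["severity"], cur["confidence"] = e["severity"], e["confidence"]
            cur["sources"].append(name)
    for m in merged.values():
        m["sources"].sort()
    return merged

def threat_score(entry):
    # Assumption: severity (1-10) discounted by confidence (0-1), giving 0..1.
    return entry["severity"] / 10 * entry["confidence"]

def rank(findings, threats, baseline=0.1):
    """Risk = Threat x Vulnerability x Asset Value per threat-vulnerability pair.
    Findings with no feed match get the assumed baseline threat value."""
    rows = []
    for f in findings:
        t = threats.get(f["cve"])
        threat = threat_score(t) if t else baseline
        rows.append((f["asset"], f["cve"],
                     round(threat * (f["cvss"] / 10) * f["asset_value"], 2)))
    return sorted(rows, key=lambda r: r[2], reverse=True)

if __name__ == "__main__":
    for row in rank(FINDINGS, merge_feeds(FEEDS)):
        print(row)
```

Sorted by CVSS alone, the constructed findings would put db01 and hr-laptop ahead of web01; pairing them with the feed data moves web01 to the top of the remediation list.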