Industry View from
Exclusive video courses from Anomali
In today’s cybersecurity environment there are many tools for managing information, but there is little integration between them, so managing that information properly takes extra resources and time. A Threat Intelligence Platform (TIP) helps organisations combat these challenges. Implementation of a TIP enables companies to collect, manage and share threat intelligence.
In this session we’ll explore the different data points we get from feeds, frameworks, and integrations so we can see if there are any useful data sets that will be relevant for follow-up in our security environments. We utilise open source feeds and commercial feeds specific to our industries. Then we can focus on the behaviours of attacks: MITRE ATT&CK is a well-known framework that is utilised in our space. TTPs, or Tactics, Techniques and Procedures, are another way to keep track of what is commonly being used by attackers; learning their latest TTPs allows you to stay ahead of the threats.
Sharing threat intelligence is a vital element in your security strategy as it has the potential to reduce response times to events and enact preventative measures. While many organisations have concerns around sharing, from privacy and liability to bad publicity, remaining private isn’t the solution. Through sharing information with others, we can create a united, proactive front against cyber-attacks.
Utilise threat intelligence to save time and money by improving operational efficiencies. Do this by mitigating false positives, which can be a productivity killer. Work with threat intel partners to incorporate integrations into your platform. Retrospective analysis allows you to take a much longer view of your archives to confirm that you haven’t been breached by a bad actor in the past.