In recent months, we’ve seen increasingly sophisticated attacks targeting specific organizations, compromised IoT devices used in DDoS attacks, and large-scale ransomware outbreaks spreading across the globe.
Many businesses struggle to keep up with the security threats they face, and they don’t know how to take the next step to better protect their systems. Updating their IT systems and keeping up with security patches are basic steps, but organizations also need actionable, real-time threat intelligence.
So what’s missing? Here are some suggestions for businesses that want better intelligence about the cyberthreats and cyberattacks targeting them:
Automate your security
Many organizations still use human workers to do security tasks that can be done better by automated, intelligent security systems. Automating many security functions has many advantages. Chief among the benefits: Automated systems can respond more quickly to sustained and intense attacks.
Automation can reduce costs, complexity, and errors. Networks can adapt to security demands in the blink of an eye. Automation can help your cybersecurity team build proactive security that can respond immediately to potential threats.
Intent-based security, which can recognize threats or problems and also understand the reason behind them, will be critical to thwarting automated attacks with automated security. When an intent-based system learns from past experience, it can take the proactive actions prescribed by your company’s cybersecurity team without the need for direct human intervention.
While some organizations fear a loss of control when they move much of their security response to an automated system, good automation still gives your security employees visibility into the process. Without taking these trusted steps, we will never be able to move ahead and will continuously fall behind an ever-growing attack curve. A portion of that trust lies in the quality and calibre of threat intelligence employed by automated systems.
Share cyberthreat information
Business organizations and governments have been talking for several years about the need to share more cyberthreat information, but this can be easier said than done.
Sharing cyberthreat information with other organizations certainly requires a high level of trust, but the benefits are many. Timely information sharing between organizations can help them recognize future cyberattacks and improve their defenses. By sharing information, organizations can build proactive defenses by working together against cybercriminals.
The Cyber Threat Alliance, of which Fortinet is a founding member, is a not-for-profit organization led by expert security organizations automating the exchange of real-time indicators. This is a good example of how security experts can use automation to exchange threat information and translate it into actionable security controls.
Don’t just collect threat intelligence, use it
Information sharing is a great step forward, but organizations need to go beyond sharing information to the next step: acting on it.
Threat intelligence from other groups needs to be integrated with the data collected inside your own organization. Security tools are effective when they all work together to gather information from many sources, correlate it, and then give insight about your own threat environment.
That insight becomes actionable information that you should convert into policies that cover all your traditional networks, including public and private clouds, endpoint devices, and IoT systems. Businesses need a strategy for converting threat intelligence into action, and they need to act quickly on the information received from other companies and from their own internal security systems.