New year, same story. Cyber threats continue to be a key risk facing all organizations. The names, types and severity of threats vary, but the one constant is that the threat environment remains intense and highly dynamic. Look no further than the last six weeks, in which security teams have been dealing with the Log4j zero-day vulnerability, PwnKit and, just this week, LockBit 2.0 ransomware following the FBI’s Flash report.
While there are multiple ways organizations can better protect themselves from these threats, one of the most critical things organizations can do is increase their use of cyber intelligence. Cyber intelligence (more commonly referred to as threat intelligence) provides organizations with powerful visibility into the broader threat landscape and organization-specific threats. While visibility is a key benefit, cyber intelligence becomes significantly more powerful when it is used to proactively prevent threats.
Breadth, Automation & Proactive Prevention Are Critical When it Comes to Cyber Intelligence
When it comes to cyber intelligence, there are several critical points that need to be considered.
- Breadth Matters: No single source of cyber intelligence (or single security control) can provide organizations full coverage of the threat landscape. The threat landscape is too large and dynamic for one “set of eyes” to keep up. This is why it’s critical to use cyber intelligence from multiple sources, including commercial sources, open sources, and industry and government sources. Multiple sources of cyber intelligence provide organizations with a force multiplier in terms of coverage of the threat landscape.
- Using Automated Cyber Intelligence is Critical: The sheer volume and dynamic nature of cyber intelligence means that it’s impossible for humans alone to keep up. Therefore, using automated cyber intelligence is critical. Key aspects of cyber intelligence where automation is critical include cyber intelligence updates, the deployment of intelligence to security controls and enforcement (i.e. blocking).
- Visibility is Great, but Proactive Protection is Better: When it comes to cyber intelligence, the primary use case is using it to increase visibility into threats and to help with detection efforts. While this has value, the challenge is that it’s reactive and, in many cases, by the time you detect it, it can be too late. Proactively using cyber intelligence to prevent threats significantly increases its value. But, using cyber intelligence proactively to prevent threats can be easier said than done because many existing security controls have a limited ability to use third-party threat intelligence. However, there are solutions that exist that are purpose-built to use large volumes of cyber intelligence from multiple sources.
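The breadth and enforcement points above, as an added illustration that is not ThreatBlockr code: it merges several constructed indicator feeds, reports how many indicators each source contributes that no other source has, and checks constructed firewall log lines for allowed outbound connections to listed IPs. The feed names, log format and IP values are assumptions.

```python
from collections import defaultdict
import ipaddress

# Constructed sample feeds (documentation-range IPs, not real indicators):
# each source name maps to the set of IP indicators it publishes.
FEEDS = {
    "commercial_a":  {"203.0.113.10", "203.0.113.11", "198.51.100.5"},
    "open_source_b": {"203.0.113.11", "198.51.100.7", "192.0.2.99"},
    "gov_isac_c":    {"198.51.100.5", "192.0.2.44"},
}

# Constructed firewall log lines in an assumed "timestamp src dst action" format.
SAMPLE_LOG = """\
2022-02-07T10:00:01Z 10.0.0.5 203.0.113.11 ALLOW
2022-02-07T10:00:02Z 10.0.0.7 8.8.8.8 ALLOW
2022-02-07T10:00:03Z 10.0.0.9 192.0.2.44 ALLOW
2022-02-07T10:00:04Z 10.0.0.5 198.51.100.7 DENY
"""

def merge_feeds(feeds):
    """Merge all sources into one lookup: indicator -> set of sources carrying it."""
    merged = defaultdict(set)
    for source, indicators in feeds.items():
        for ioc in indicators:
            ipaddress.ip_address(ioc)  # validate; raises ValueError on malformed entries
            merged[ioc].add(source)
    return dict(merged)

def coverage_report(merged):
    """Breadth metric: total indicators, plus how many each source contributes uniquely."""
    unique = defaultdict(int)
    for sources in merged.values():
        if len(sources) == 1:
            unique[next(iter(sources))] += 1
    return len(merged), dict(unique)

def assess_log(log_text, merged):
    """Return connections the firewall ALLOWed whose destination is a known indicator,
    i.e. what an intel-driven control in enforcement mode would have blocked."""
    findings = []
    for line in log_text.splitlines():
        ts, src, dst, action = line.split()
        if action == "ALLOW" and dst in merged:
            findings.append((ts, src, dst, sorted(merged[dst])))
    return findings
```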
The ThreatBlockr solution checks the boxes for all of these key requirements (and more!). ThreatBlockr uses massive amounts of cyber intelligence from multiple best-in-class sources, is highly automated, and most importantly, uses cyber intelligence at scale proactively to prevent threats.
Cyber Intelligence & ThreatBlockr in Action: Protect Against Zero-Days & Advanced Threats
When it comes to protecting organizations from zero-day and advanced threats, the power of cyber intelligence and ThreatBlockr can be seen in the following real-world examples.
- Log4j – ThreatBlockr provided immediate protection from Log4j threats, with thousands of Log4j-related indicators immediately and automatically available within ThreatBlockr cyber intelligence sources. These indicators were spread across more than 15 different sources, highlighting the importance of breadth. We also found an over 90% increase in blocking activity across ThreatBlockr customers.
- PwnKit – Recently, we conducted a firewall risk assessment for an organization. Our firewall risk assessments show threats that bypass an organization’s firewall but would have been blocked by ThreatBlockr. The assessment results showed several malicious outbound connections to IPs associated with the PwnKit threat. These connections were allowed by the firewall but would have been blocked by ThreatBlockr.
- LockBit 2.0 – The FBI Flash report on LockBit 2.0 highlighted 11 IP indicators associated with command and control infrastructure related to LockBit. All of these indicators were already on cyber intelligence feeds being used by ThreatBlockr.
These examples not only illustrate the power of cyber intelligence and ThreatBlockr, but also validate the critical points we discussed earlier. When it comes to cyber intelligence, breadth matters, automation is critical, and using cyber intelligence proactively to prevent threats is key to maximizing its value.