Military Grade Plans: Threat Intelligence is a Priority
Cyber threat intelligence is vital for every business. However, it is not easy to know how to use and process this information. These tips from Vince Crisler will help you make threat intelligence a part of your organization’s muscle memory.
Although cyber threat intelligence is essential for any business, many organizations don’t know how they can use it. Threat intelligence is used by the military to predict and prevent problems. The same principles can be applied to protect your customers.
According to Vince Crisler, now chief strategy officer at Celerium and a member of the CompTIA ISAO Council, who spent many years in federal and military agencies before starting his own company, “Leveraging threat intelligence means being strategic, operational, and tactical.”
Crisler stated that threat intelligence is not just about bad guys attacking your system; it is also about finding all the weaknesses in your system. Crisler spoke during a breakout session at CompTIA ChannelCon 2022 called Making Cyber Threat Intelligence a Part of Your Organization’s Muscle Memory, where he described several steps for making threat intelligence part of your organization’s muscle memory. Let’s take a closer look at each phase.
First, gather data on breaches and financial impacts, as well as the trends and activities that lead to bad actors.
“This stuff is essential for you to understand in order to be knowledgeable in this field. It’s also a great way to market your high-level, expensive stuff.” Crisler said that this is what can help your customer understand what’s happening.
Use data from trusted sources like:
* CompTIA ISAO
* The Department of Homeland Security Cybersecurity and Infrastructure Security Agency
* Industry reports
The second phase involves using the data. Look at your strategies, techniques, and procedures.
Crisler stated that the operational level is about running your day to day business. This is how you plan, how you think about risks, and how you use the intelligence you have gathered.
Analyze your business’s operations and identify potential targets. Who are your potential targets? Identify the technologies you are using. “If there is a vulnerability against it, I want that information,” Crisler said. “That’s threat intelligence.”
The operational level also covers cooperation with open threat intelligence communities or research groups that share information about current dangers.
Crisler considers the tactical phase of cyber threat intelligence the most difficult because it involves discovering your own vulnerabilities. Try to think like a hacker, and break into your system. You can reverse engineer malware by looking at logs and spending time analyzing malicious code and forensics data.
Crisler stated, “Part of this is to figure out how they could get in.” Once you are in, download an exposed server and the code to see how it spreads laterally across your surface.
The tactical phase allows you to act before reacting. You can then use the weaknesses you discover to protect your customers. “Are there open ports on firewalls for customers that you don’t know are open?” Crisler asked. “The recon can help you determine how exposed you may be.”
You can also use tools to determine if someone is planning on targeting customers. “You can see who is doing recon against your organization,” Crisler stated. “Are your scans increasing over the past week?”
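One way to answer that last question from your own firewall deny logs, as an added example that is not from Crisler's talk or from CompTIA: the Python below counts inbound port sweeps week over week and lists sources that were not sweeping the week before. The log line format, the function name scan_trend and the three-port threshold are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of firewall deny records: "timestamp source_ip dest_port".
# The line format is an assumption; adapt the parsing to your firewall's export.
SAMPLE_LOG = """\
2022-07-26T02:00:01 198.51.100.7 22
2022-07-26T02:00:02 198.51.100.7 23
2022-07-26T02:00:03 198.51.100.7 3389
2022-07-28T11:30:00 203.0.113.40 443
2022-08-02T04:10:00 198.51.100.7 22
2022-08-02T04:10:01 198.51.100.7 445
2022-08-02T04:10:02 198.51.100.7 3389
2022-08-04T09:00:00 192.0.2.99 21
2022-08-04T09:00:01 192.0.2.99 22
2022-08-04T09:00:02 192.0.2.99 80
2022-08-06T22:15:00 192.0.2.99 25
2022-08-06T22:15:01 192.0.2.99 110
2022-08-06T22:15:02 192.0.2.99 143
"""

def scan_trend(log_text, now, min_ports=3):
    """Count port sweeps in the 7 days before `now` and in the 7 days before that.
    One sweep = one source denied on >= min_ports distinct ports in one day.
    Returns (previous_week_sweeps, current_week_sweeps, new_sources).
    """
    ports = defaultdict(set)  # (source, day) -> distinct ports probed
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[2].isdigit():
            continue  # skip blank lines and records without a numeric port
        day = datetime.fromisoformat(parts[0]).date()
        ports[(parts[1], day)].add(int(parts[2]))

    end = now.date()
    cur_start, prev_start = end - timedelta(days=7), end - timedelta(days=14)
    prev, cur = set(), set()
    for (src, day), seen in ports.items():
        if len(seen) < min_ports:
            continue  # a few stray denies are noise, not a sweep
        if cur_start <= day < end:
            cur.add((src, day))
        elif prev_start <= day < cur_start:
            prev.add((src, day))
    new_sources = {s for s, _ in cur} - {s for s, _ in prev}
    return len(prev), len(cur), new_sources

if __name__ == "__main__":
    print(scan_trend(SAMPLE_LOG, datetime(2022, 8, 8)))
```

A rising sweep count together with previously unseen sources is the kind of signal worth wiring into the alerts discussed in the next section.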
Act before you react
You can avoid embarrassing mistakes by treating your system as an entire process and not just individual parts. These vulnerabilities can be fixed. Set up alerts to notify you if the system is exposed to activity from an external user.
Cyber threat intelligence can help you respond calmly to possible threats without overthinking and freezing. It is important to practice your response plan so that you can recall it.
Crisler stated that muscle memory is the ability to perform a task without thinking about it. It’s like juggling. You can mess it up if you think of juggling. It’s amazing how much you can do once your muscle memory is established.