EDITOR’S QUESTION
WARREN MERCER,
SECURITY RESEARCHER,
CISCO TALOS
We often call intelligence important
within the cybersecurity world.
It’s not so often we think about
why it’s important or how we suddenly
deem it so important within this space.
The importance of leveraging cyberthreat
intelligence now is paramount.
Modern attackers are improving all the
time. Their attacks are becoming increasingly
sophisticated and to that end the best
weapon that the cybersecurity industry can
have in our pocket is that of intelligence.
To quickly understand what intelligence is,
we should try to think of it in the traditional
sense. The military have always used
intelligence to allow them to make decisions
based on enemy movements and to allow
them to decide their course of action. The
cybersecurity world is no different. The
intelligence we use every day is to try and
thwart our adversaries.
The battle against cybercrime is one of
constant evolution. What needs to be
understood is the difference between
commodity intelligence that people can find
on the Internet or subscribe to through feeds,
and the ability to actually turn it into
actionable intelligence.
The ability to have an outcome from your
intelligence is vital. Having intelligence that
you can use to defend your infrastructure is
your end game. This is what you want to be
able to do. This is what gives you the best
return on any gathered intelligence.
Cyberthreat intelligence is very important
as soon as you begin to understand the
distinction between ‘obtaining’ it and
‘using’ it; once you begin to use your
intelligence you can start to arm yourself
with a better understanding of threats that
are pertinent to you and thus allow yourself
to suitably defend against them.
This is how organisations can defend
their infrastructure. Understanding an
attack through the use of intelligence
allows the organisation to be aware of
how that attack happened and also any
associated indicators they can use to try
and protect themselves.
At Cisco Talos we publish all our indicators to
allow others, including non-Cisco customers,
to be able to defend their infrastructure.
Intelligence in the cybersecurity world is
important. The collaborative nature of the
industry needs to change.
When we can all band together, where
possible, we create better intelligence.
Collaboration through trust groups,
third-party intelligence partners, customers and
even individuals can be the difference
between identifying a threat/attack and not.
This is the hardest part for the intelligence
community to get right as there cannot
be a carte blanche, share-all approach
as individual and customer intelligence
is important to keep secure and private.
However, the ability to work together is
something that is improving.
At Cisco Talos we work with a large number
of intelligence partners throughout the
world and we will continue to do so to ensure
we’re improving our own capabilities around
detection and identification of new, unseen
and bleeding-edge threats.
INTELLIGENTCIO