Threat intelligence is a learning exercise, and one thing we have learned is that the perimeter is no longer a viable defensive strategy on its own. Defense has instead become a strategy based on situational awareness of our operating environment. An often cited figure is that more than 80 percent of all breaches originate from an external source, so the question now is how to react more quickly to such attacks. As we collectively deploy better defensive mousetraps to catch or blunt attackers, hopefully before we lose our crown jewels, the opposition is rapidly sharing new methods and exploits to use against us.

If the Security Game Is Fast, Why Are We Losing the Footrace in Threat Intelligence?

There has been an explosion of threat intelligence and data at security teams’ fingertips. New data on malware and attack methods is overwhelming security professionals and teams in both volume and velocity, and siloed security products each produce their own volumes of data, so more personnel are required just to operate the defensive measures. The challenge now is how to gather and consume this exploding defensive data into a coordinated response and protection plan across and between organizations. We are only slowly bringing our resources together to coordinate against a determined foe. Hence, the game is afoot in our new brand of information warfare.

So what do we do now to keep pace and bring our security intelligence focus back to situational awareness? Ideally, we are feeding threat intelligence from multiple sources into our security products. More importantly, we should be able to automate the ingestion of that data, so that similar streams of indicators and warnings are turned into digestible protections without a human in the loop for every update.

Currently, this is where many of our defenses falter. The outside stream of defensive information is not structured into a useful set of protocols and formats that our protections can readily consume and act upon, relegating many organizations to a manual, labor-intensive process. When you are under fire, the return on that process is painfully slow. We tend to have trouble quickly identifying an attack methodology and deploying protections before our data is exfiltrated, and we lose the next round when the attackers switch methods to keep our defense off balance. Further, most organizations simply do not have the resources to keep up with this rate of change manually, and doing so is not their core competency. We need to make this process fast and simple. Enter the world of machine-readable data formats and exchanges.

A Machine-Readable Exchange by Many Names

Should we go with IODEF, MILE, STIX or TAXII? Is this just more alphabet soup? Not really, though the names are not all the same kind of thing: IODEF is an incident-description format maintained by the IETF’s MILE working group, STIX is a language for describing threat information, and TAXII is the transport protocol for exchanging STIX content. The key is figuring out which of these is informative for defensive information sharing and operations and whether it is slated for universal adoption. We clearly have a need for this, and to that end there are signs of the marketplace adopting these formats and protocols, with the leading contenders moving into the world of standards adoption. That is a good sign for all of us.
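The automated ingestion the previous sections call for, and the format question this one raises, can be made concrete with a small consumer. The block below is an added example, not code from the original post and not part of IBM’s X-Force Exchange: it reads a STIX bundle in the JSON encoding of STIX 2.1 (the JSON form postdates the XML encoding that was current when this post was written), keeps only the indicators that are currently valid and not revoked, and reduces their patterns to a block list a firewall, proxy or EDR could load. The bundle, its ids, addresses, domains and hash are constructed for illustration; the `SUPPORTED` table, the `review` queue and the rule that AND-style patterns are not auto-blocked are this example’s design choices, not something the standard prescribes.

```python
"""Reduce a STIX 2.1 bundle to a block list a control can consume.

Added example, not code from the original post. Assumes the STIX 2.1
JSON encoding and "stix"-type indicator patterns; all sample data below
is constructed.
"""
import json
import re
from datetime import datetime

OLD_HASH = "c0ffee" + "00" * 29  # constructed 64-hex-char SHA-256 value


def indicator(n, name, pattern, **extra):
    """Build one STIX 2.1 indicator object (constructed sample data)."""
    return {"type": "indicator", "spec_version": "2.1",
            "id": f"indicator--3f6c8b1e-0000-4000-8000-00000000000{n}",
            "created": "2024-01-10T00:00:00Z", "modified": "2024-01-10T00:00:00Z",
            "name": name, "pattern_type": "stix", "pattern": pattern,
            "valid_from": "2024-01-10T00:00:00Z", **extra}


# Constructed bundle: one object of each kind the consumer must handle.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle", "id": "bundle--3f6c8b1e-0000-4000-8000-000000000001",
    "objects": [
        indicator(2, "C2 address", "[ipv4-addr:value = '203.0.113.5']"),
        indicator(3, "Phishing domains",
                  "[domain-name:value = 'login.example.net' OR "
                  "domain-name:value = 'secure-update.example.org']",
                  valid_until="2024-03-01T00:00:00Z"),
        indicator(4, "Expired dropper hash",
                  "[file:hashes.'SHA-256' = '" + OLD_HASH + "']",
                  valid_from="2023-06-01T00:00:00Z",
                  valid_until="2023-12-31T00:00:00Z"),
        indicator(5, "Beacon on an odd port",
                  "[ipv4-addr:value = '198.51.100.7' AND "
                  "network-traffic:dst_port = 8443]"),
        indicator(6, "Withdrawn false positive",
                  "[url:value = 'http://cdn.example.com/update.bin']",
                  revoked=True),
        {"type": "malware", "spec_version": "2.1",
         "id": "malware--3f6c8b1e-0000-4000-8000-000000000007",
         "created": "2024-01-10T00:00:00Z", "modified": "2024-01-10T00:00:00Z",
         "name": "Loader", "is_family": True},
    ]})

# One equality comparison inside a STIX pattern: object:property = 'value'.
# Excluding = ! < > from the property keeps != and ordering tests out.
COMPARISON = re.compile(r"([a-z0-9-]+):([^\s=!<>]+)\s*=\s*'([^']*)'")

# Observables this consumer can enforce, mapped to the list they feed.
SUPPORTED = {
    ("ipv4-addr", "value"): "ip",
    ("domain-name", "value"): "domain",
    ("url", "value"): "url",
    ("file", "hashes.'SHA-256'"): "sha256",
}


def parse_time(ts):
    """STIX timestamps are RFC 3339 UTC with a trailing Z."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def is_active(ind, now):
    """Honor the producer's validity window and revocation flag."""
    if ind.get("revoked"):
        return False
    if parse_time(ind["valid_from"]) > now:
        return False
    until = ind.get("valid_until")
    return until is None or parse_time(until) > now


def build_blocklist(bundle_text, now):
    """Return ({list_name: sorted values}, [indicator ids needing review]).

    Only simple patterns (one observation, comparisons joined by OR) become
    block entries automatically. A pattern using AND or FOLLOWEDBY, or more
    than one bracketed observation, describes a combination; blocking one
    half of it on its own would over-block, so it is queued for an analyst.
    """
    if isinstance(now, str):
        now = parse_time(now)
    lists = {name: set() for name in SUPPORTED.values()}
    review = []
    for obj in json.loads(bundle_text).get("objects", []):
        if obj.get("type") != "indicator" or obj.get("pattern_type") != "stix":
            continue
        if not is_active(obj, now):
            continue
        pattern = obj["pattern"]
        if " AND " in pattern or "FOLLOWEDBY" in pattern or pattern.count("[") > 1:
            review.append(obj["id"])
            continue
        for obj_type, prop, value in COMPARISON.findall(pattern):
            name = SUPPORTED.get((obj_type, prop))
            if name is None:                 # observable we cannot enforce
                if obj["id"] not in review:
                    review.append(obj["id"])
                continue
            lists[name].add(value)
    return {k: sorted(v) for k, v in lists.items()}, review


if __name__ == "__main__":
    blocklist, review = build_blocklist(SAMPLE_BUNDLE, "2024-02-01T00:00:00Z")
    for name, values in blocklist.items():
        for value in values:
            print(f"{name}\t{value}")
    print("needs review:", ", ".join(review))
```

Run as of 1 February 2024 the sample yields one IP and two domains to block, an empty hash list (that indicator's `valid_until` has passed), nothing for the revoked URL, and the AND pattern on the review queue. Those three checks, the validity window, the `revoked` flag and the refusal to auto-block a compound pattern, are exactly what a hand-copied indicator list tends to lose, and they are why the ingestion needs to be automated rather than merely faster.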

There is certainly some heavy lifting still to do to make machine-readable formats a fully usable part of our threat intelligence across all industries and to facilitate a more direct exchange of information among organizations. We all need to pitch in to climb that mountain and gain the high ground against our collective adversaries. The goal is worth the effort, as our internal and external constituents demand quicker responses so that only a few will experience the pain of an attack while the rest remain protected. After all, the attackers have been exchanging this type of data for years; it’s time we turned the tables on them.
