WHY THREAT INTELLIGENCE IS VITAL
from Future Ready
by cxoinsightme
DRAWING PARALLELS TO SUN TZU’S BOOK THE ART OF WAR AND XDR PROCESS, FIRAS GHANEM, REGIONAL DIRECTOR, MIDDLE EAST & PAKISTAN AT THREATQUOTIENT SAYS, THREAT INTELLIGENCE WAS CRITICAL TO SUCCESS ON THE BATTLEFIELD THEN, AND IT IS CRITICAL TO SUCCESS ON THE CYBER BATTLEFIELD TODAY.
Military general and philosopher Sun Tzu once led the largest armies in the world and authored The Art of War, still considered a masterpiece of tactical warfare and very relevant as we wage our battles against evolving cyberattacks. That’s because even though threat intelligence is a relatively new discipline in our cyber defense processes, it has actually been around for more than 2,500 years. Threat intelligence was central to Sun Tzu’s winning strategies and it is foundational to our success today as our security approaches continue to evolve, most recently with Extended Detection and Response (XDR) solutions. Most cybersecurity professionals are familiar with this widely referenced quote by Sun Tzu: “If you know others and know yourself, you will not be beaten in one hundred battles. If you do not know others but know yourself, you will win one and lose one. If you do not know others and do not know yourself, you will be beaten in every single battle.”
According to Sun Tzu, the first step in awareness is information gathering. This includes information about yourself – your assets, priorities, strengths and vulnerabilities. You must also know your enemy – who and where they are, their size, the types of weapons they use, their motivation, and their tactics and techniques. This information drives basic decisions – is this a threat or not, should we fight or flee, and what actions should we take? Then comes the most important step – calculations. As Sun Tzu said, “The general who wins a battle makes many calculations before and during the battle. The general who loses makes hardly any calculations. This is why many calculations lead to victory and few calculations lead to defeat.” We should not act on the basis of raw data, but rather on information gained by examining the data for relevance, priority and other situational information, which on the battlefield includes terrain and weather conditions. The goal is to apply context to data, so you have the right information at the right place and time.
Parallels with The Art of War and the XDR process
Relating this process to XDR, we see close parallels. Gathering information from different disparate internal and external sources and domains is the “extended” part. The distribution or dissemination of information across your security infrastructure is the “detection and response” part. Finally, calculations involve converting raw data into relevant intelligence and this is the basis for responding efficiently and effectively to a given situation.
To accomplish this, what’s needed is a data-driven security operations platform that allows you to extend capacity to consume and manage data, be it internal or external, structured or unstructured. A lot of valuable data you get from third parties is trapped within their technologies, so the platform must be based on an open architecture, where integrations are broad and deep to help you unlock that valuable resource as well. Having aggregated and normalised all that data, the platform then must be able to correlate the data and apply context so you can prioritize and filter out noise.
Ultimately, you want to be able to operationalize the data and take the right action. So, the platform must translate that curated, prioritized data for export, allowing for data flow across the infrastructure to quickly activate defense technologies and teams. Closing the loop, the platform also captures and stores data from the response for learning and improvement. And remember, all of this happens at speed and scale, so automation is key, allowing you to act efficiently for comprehensive response.
Threat intelligence best practices to enable XDR
For organizations considering XDR, or that have already embraced XDR, the following best practices will help you leverage threat intelligence to derive more value.
• Use data from all sources: Integration is a core competency to enable XDR because organizations are not starting with a clean slate but have dozens of technologies, feeds and third-party data sources across departments and teams. Allowing for strong integration and interoperability with all systems and data sources, internal and external, enables you to leverage threat data. Displaying a wealth of contextualized data via a common work surface enables teams to apply it to understand the threats they are facing to reach the goal of extended detection and response across the infrastructure and across all attack vectors.
• Use data to focus efforts: Prioritisation should be automated but under the control of the security team. Filtering out noise (false positives and information that is irrelevant) using parameters you set ensures prioritization is based on risk to your organization. Analysts can focus on threats that matter most instead of spending time chasing ghosts. Feedback and results should be continuously captured, stored and used to improve security operations.
• Use data to drive response: The most effective way to empower teams is to apply automation to repetitive, low-risk, time-consuming tasks, and recognize that the need for human analysis remains. Irregular, high-impact, time-sensitive investigations are best led by a human analyst with automation simply augmenting the work. A balance between human and machine ensures that teams always have the best tool for the job, and a data-driven approach to both improves the speed and thoroughness of the work.
XDR is gaining a lot of traction. But in order for it to deliver as promised, we need to heed Sun Tzu and start with a data-driven approach. Threat intelligence was critical to success on the battlefield then, and it is critical to success on the cyber battlefield today.
HOW TO FEND OFF RANSOMWARE CRIMINALS
RUNTIME PROTECTION, WHERE ALL RUNTIME ACTIONS ARE MONITORED, IS THE OPTIMAL SOLUTION FOR PROTECTING YOUR BUSINESS FROM CYBERCRIME, WRITES DANNY KIM, PRINCIPAL ARCHITECT AT VIRSEC
Another day, another high-profile ransomware attack. That’s how the rolling news of the last year has played out as bad actors exploit new vulnerabilities in remote working infrastructures. There were 2,084 ransomware attacks in the US in the first half of 2021, a staggering 62% increase from the same period in 2020. And those are just the complaints that are reported to the FBI.
What’s more, given its relatively low risk and high reward nature, ransomware techniques are often highly successful. With the emergence of cryptocurrencies, cyber criminals can be difficult to trace. Since the COVID-19 pandemic, ransomware has burgeoned into a multibillion-dollar industry. Collective global ransomware costs to businesses for 2021 were estimated to exceed $20 billion, with the average breach yielding a ransom of $4.6 million.
The truth is cybersecurity incidents involving corporate data being withheld through criminal infiltration or ransomware have been carried out for years. So much so, that any single organisation is often violated more than once.
Risks at Software Runtime
Ransomware attacks can be executed in a matter of seconds. Malware varieties often gain system access through SQL injection, stealing credentials, phishing and other social engineering methods. Once inside, threat actors access data, hijack operations, deploy encryption tools, encrypt data, and, once they have the data, demand a ransom.
Such attacks do the most damage when they move from desktops to servers. Inside servers, the malicious code runs at the same time as applications, infiltrating application architecture, data sets, and complete workloads.
Enterprise applications in runtime are among the most vulnerable to the threats posed by ransomware malware. Multi-step kill chains, fileless malware and remote code execution are now able to bypass conventional, signature-based, probabilistic security tools.
Focus on protection, not cure
The good news is that continuous innovation has now yielded a breakthrough solution to prevent ransomware malware from running in-memory alongside runtime applications.
Protection of runtime applications requires that every action be fully mapped and understood. Such protective solutions should monitor every step of application execution and only permit predetermined actions. This is known as ‘deterministic protection’.
These types of innovative solutions do not permit any runtime applications that are not predetermined, including malware that is loaded in-memory. The malware routine in-memory will appear as a deviation from the concurrent runtime and will be prevented from execution.
By comparison, conventional cybersecurity tools cannot distinguish between expected and deviant behaviour. Such tools also fail to prevent ransomware because they do not have application runtime visibility.
Conventional tools often only control, protect and provide visibility before and after application runtime – and not when the application deviates from its intended performance.
This breakthrough approach protects the software workload while it is in runtime and prevents ransomware attacks on applications and workloads. It also creates a snapshot of all critical applications, including files, scripts, binaries, container images, libraries, and only allows predetermined processes to execute.
No matter which platform is being used by applications, such as cloud, on-premises, containers, hybrid, or air-gapped, runtime application protection ensures pervasive high security levels. This type of deterministic protection promises to temper the present-day threats of ransomware, no matter what level of advanced malware sophistication is being used.
A NEW MANDATE
RICHARD VAN WAGENINGEN, SENIOR VICE PRESIDENT IMEAR (INDIRECT, MIDDLE EAST, AFRICA, RUSSIA-CIS), ORANGE BUSINESS SERVICES, SAYS GOING GREEN IS A MUST FOR ENTERPRISES
There is no shortage of opinions on whether the recent COP26 climate change conference achieved any of its goals or not. Still, it has made many businesses recognise they have to shift to more sustainable ways of working to meet customers’ demands.
It isn’t just consumers concerned about global warming and demanding better practices in terms of environmental issues. All entities in supply chains from suppliers to manufacturers and logistics companies are asking for green credentials. These include the source of raw materials, waste reduction strategies for production, and reduction in carbon footprint.
In the past, eco-friendly business has been a tick-box exercise for many. The landscape, however, has changed. Increasingly we are seeing greater transparency and in-depth reporting around environmental issues and social governance. ‘Greenwashing’, a term coined by environmentalist Jay Westerveld in 1986, where companies hide behind vague and unsubstantiated claims about ecological credentials, no longer works. The chances of being exposed are higher than ever.
Green means business growth
It isn’t just about public image; it is also about growth. Gartner has gone as far as saying that chief financial officers (CFO) should start embedding corporate sustainability into their investment propositions, or they will find themselves missing out. The analyst firm maintains that environmental, social, and governance (ESG) reporting is more widely monitored than many CFOs realise. Equity investors and asset managers may be visible to the world. Below ground, however, 91% of banks watch ESG, as do 24 global credit rating agencies, 71% of fixed income investors, and 90% of insurers, according to the analyst firm.
Of course, the benefits of environmental performance are not purely financial. It can help businesses grow by attracting new customers and attracting and retaining talent. With a wide skills shortage, the latter is now a priority. A recent study by Deloitte, for example, found that 44% of Millennials and 49% of Generation Z make choices on the “type of work they are prepared to do” or “organisations they are willing to work for” based on personal ethics.
Measuring how successful initiatives are
As companies increasingly focus on the environment, they need to develop their metrics more. Effective measurement and monitoring spotlights changes in behaviors and can reduce waste.
Metrics allow organisations to track their progress and demonstrate improvements to stakeholders, partners, and customers. Environmental key performance indicators (KPIs) are important here, but they need to use accurate data, align with business objectives, and evolve as the business grows.
Environmental KPIs will help companies manage and communicate the links between environmental and financial performance. These include greenhouse gas emissions, pollution of land or water, and resource use such as coal, oil, and forestry.
New ways of highlighting audited environmental data are appearing, but there is still a lack of standardisation. The French food group Danone, for example, has adopted a voluntary carbon adjusted earnings per share initiative created to show the financial cost of carbon emissions on its value chain and allow investors to understand the multinational’s environmental imprint better.
Making environmental changes easy to understand
Complex metrics and KPIs are acceptable, but I believe that we need to keep it simple to make a change in enterprises that will help protect our planet for future generations.
Sustainability in any organisation starts in the office. In Jordan, for example, Orange Business Services has installed solar panels as a smart energy solution. Only 2.5% of the earth’s water is fresh; rapid urbanisation and global warming have made it a scarce commodity. To this end, we are recycling water where we can, to relieve global water stress.
This is where my ‘keep it uncomplicated’ maxim comes in. As I said we are active in saving quality water and working to protect against shortages, so we recycle water where possible. It is much easier for employees to visualise how many bathtubs of water they have helped to recycle than trying to visualise it in cubic meters.
Change course before it is too late
Organisations have a critical role to play in reversing climate change and protecting biodiversity. Analyzing the environmental impact of your business on the planet may not be globally mandated at the moment. But, it may not be that many years off, so it is wise to take action now.