Threat Intelligence Provides Extra Layer of Network Security
As banking Trojans continue to grow and attackers continue to target financial institutions, many credit unions are relying on cyberthreat intelligence for protection against the latest threats. Threat intelligence is the knowledge and actionable advice about existing and emerging threats. It helps you know what threats are headed your way and how you can effectively respond to them. It’s like a cybersecurity blanket, always hovering above your network, providing you with an extra layer of protection.
Since attackers prefer to target commercial banks, credit unions and other financial institutions over other industries, the use of threat intelligence is growing within the industry. It is a regulatory requirement that banks and credit unions understand foreseeable threats, not just the ones hitting their networks. Threat intelligence not only provides you with knowledge of foreseeable threats, it can also help you remove threats that are already lurking inside your network.
Threat intelligence can answer many of the questions you have about the threats that have already affected your network or are likely to do so. For example, to be prepared to block threats, you might want answers to the following questions:
- What cyber threats are our peers seeing?
- Where are these threats coming from?
- What type of information and data are these threats targeting?
- How are the threats getting inside our peers’ networks?
- What are the best ways to block these threats?
If you were to discover a threat already in your network, you might ask these questions:
- What other threats are likely in our network?
- Where did the threat actors likely hide other threats?
- What are the best ways to respond to these threats so that we remove all the threats?
- How many “backdoors” did the attackers create in our network and where might they be?
Security analysts use data maps to glean information from threats observed on the Internet. Information on one cyberthreat could provide an analyst with thousands of connections to other information about that threat. The maps connect threats to other data, such as additional threats the attackers may have hidden in a network, the places in a network where those threats are likely to be found, and the communication patterns made to other compromised computers.
But intelligence by itself is not enough to protect your credit union. Once your intelligence sources have supplied you with information, you must be able to understand what it means and how it could affect your organization. It takes an experienced security analyst to fully understand the intelligence and help you make strategic decisions about the best ways to block the enemies or to remove them from your network if they are already inside it.
Many organizations discover threats inside their network and try to remove them by themselves. But without complete intelligence on an attack within their network, organizations may be unaware that the malware that they found in one location is probably a sign that other malware is also hidden elsewhere.
So while a credit union may remove one or two pieces of malware, it leaves behind four others. In addition, victims who try to remediate breaches on their own often unknowingly leave open backdoors the attackers created, allowing the attackers to re-enter the network unseen and plant more malware. A threat intelligence team working in unison with an incident response team can remediate attacks much faster than an IR team could alone. Wrapping threat intelligence around 24-hour network monitoring is a smart strategy for a safe and secure network.
Jeff Multz is director of North America Midmarket Sales at Dell SecureWorks in Atlanta.