One of the big reasons the IT security industry has struggled to keep up with the rapid proliferation of new and insidious malware is, simply put, speed. Threats appear and spread so quickly that by the time a new signature has been pushed out to a scanner's definition database, a fresh variant is already circulating. Attackers have managed to stay one step ahead of signature-based defenses.
That's where real-time threat intelligence comes in. Zero-day threats (attacks that exploit a vulnerability for which no patch or detection signature yet exists) and other threats that outflank traditional, signature-driven defenses demand constant vigilance from security professionals, not just attention when it is time to roll out a patch. Real-time threat intelligence is what makes that vigilance practical.
The following four developments in real-time threat intelligence will give you a feel for the creative and innovative steps that the security world is taking to combat the latest, quickest-moving security threats. Understanding how to implement these effectively will keep your clients, and the whole of the business landscape, that much safer as well.
1. Sharing Information About Compromised Systems
Botnets, networks of malware-infected machines that an attacker controls remotely and uses in aggregate to wage attacks such as DDoS (Distributed Denial of Service) against chosen targets, remain one of the most persistent concerns of security professionals. They harm both the infected systems and the systems they are turned against. Some researchers and vendors are therefore exploring feeds that push real-time data about infected hosts and their command-and-control servers (IP addresses, domains, and similar indicators) straight into security products, so that an enterprise can block or quarantine contact with those hosts and arrest the spread of the threat, effectively breaking the momentum in a row of falling dominoes. Two practical caveats apply. Such indicators age quickly, because dynamic addresses are reassigned and infected machines get cleaned, so every entry needs a timestamp and a confidence value and stale entries must be expired. And a single IP address may front many hosts behind NAT or a proxy, so a match should trigger investigation rather than blanket blocking of everything behind it.
2. Real-Time Cyberthreat Mapping
What can we learn from the geographic location of cyberattacks? A piece of malware can hop from Romania to the U.S. and back in the blink of an eye, but malware also spreads within a given region in recognizable ways: carried into an office on an infected laptop or phone, or passed between organizations that do business with each other or share network infrastructure. Some solution providers are creating real-time threat maps, graphical depictions of which threats are proliferating where, updated as the attacks happen. Seeing this data laid out visually helps security professionals notice trends and act on them. One caveat: the location plotted is that of the source IP address, which is usually a compromised host, proxy, or VPN exit rather than the attacker's own machine, so a map shows where infections are, not where the adversary sits.
3. Calling in for the Latest Real-Time News
The good old-fashioned hotline can be a valuable tool in the new world of IT security. Some vendors are offering top-notch real-time security information made available over the phone. An IT professional at a business who has just heard about a new threat, or has noticed a system behaving strangely and wants an informed opinion on what exactly needs to be done, can call up and speak with a dedicated top-tier security researcher.
4. Advanced Monitoring and Prioritization
Different threats infiltrate systems in different ways and with different goals. With this in mind, some vendors are augmenting their products with intelligence updates about emerging threats (indicators such as IP addresses, domains, and file hashes, together with the severity and confidence behind each one) that allow the product to raise prioritized alerts. Rather than learning only that a piece of malware has landed on a machine, or worse, discovering it after it has already installed itself, a user can receive alerts on many kinds of anomalous network behavior, each correlated against currently active threats and ranked accordingly, providing a more dynamic kind of protection informed by threat intelligence.
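The mechanics behind points 1 and 4 above (a feed of compromised hosts, and alerts ranked by the intelligence attached to each indicator) fit in one short script. The following Python is an added example, not code from the original article or from any vendor it alludes to. The feed entries, severity weights, freshness buckets and firewall log lines are all constructed for illustration and use RFC 5737 documentation address ranges, so nothing in it points at a real host.

```python
"""Correlate firewall log events with a threat-intelligence feed of compromised
hosts and rank the resulting alerts.  Added example: the feed entries and log
lines below are constructed and use RFC 5737 documentation ranges."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import ipaddress


@dataclass(frozen=True)
class Indicator:
    value: str           # single IP address or CIDR block
    kind: str            # "botnet_c2", "infected_host", or "scanner"
    confidence: int      # 0-100, as published by the (hypothetical) feed
    last_seen: datetime  # when the feed last observed the indicator active


NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)

# Constructed feed.  Nothing here resolves to a real host.
FEED = [
    Indicator("203.0.113.7", "botnet_c2", 90, NOW - timedelta(hours=2)),
    Indicator("198.51.100.0/24", "infected_host", 60, NOW - timedelta(days=1)),
    Indicator("192.0.2.44", "scanner", 40, NOW - timedelta(days=20)),
]

# Constructed firewall log: timestamp src dst dport action bytes
LOGS = """\
2024-05-01T11:58:03Z 10.0.0.15 203.0.113.7 443 ALLOW 51200
2024-05-01T11:58:10Z 10.0.0.15 203.0.113.7 443 ALLOW 4096
2024-05-01T11:59:01Z 198.51.100.23 10.0.0.80 445 DENY 0
2024-05-01T11:59:30Z 192.0.2.44 10.0.0.80 22 DENY 0
2024-05-01T11:59:45Z 10.0.0.22 93.184.216.34 443 ALLOW 2048
"""

SEVERITY = {"botnet_c2": 100, "infected_host": 60, "scanner": 20}  # assumed weights
MAX_AGE = timedelta(days=14)  # indicators not seen for longer than this are dropped


def parse_log(text):
    """Parse the space-separated log format above into dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, action, nbytes = line.split()
        events.append({"ts": ts, "src": src, "dst": dst, "dport": int(dport),
                       "action": action, "bytes": int(nbytes)})
    return events


def build_index(feed, now=NOW):
    """Return (network, indicator) pairs with stale entries discarded: an address
    listed weeks ago has often been reassigned or cleaned, so it mostly causes
    false positives.  Most specific prefix first so a /32 beats an enclosing /24."""
    index = [(ipaddress.ip_network(i.value, strict=False), i)
             for i in feed if now - i.last_seen <= MAX_AGE]
    index.sort(key=lambda pair: pair[0].prefixlen, reverse=True)
    return index


def lookup(index, ip):
    addr = ipaddress.ip_address(ip)
    for net, ind in index:
        if addr in net:
            return ind
    return None


def freshness(ind, now=NOW):
    """Assumed decay: full weight within a day, then 0.7, then 0.4 until MAX_AGE."""
    age = now - ind.last_seen
    if age <= timedelta(days=1):
        return 1.0
    return 0.7 if age <= timedelta(days=7) else 0.4


def direction_weight(matched_side, action):
    """An internal host successfully reaching a known-bad address is the strongest
    signal (probable infection); blocked inbound traffic from a listed host is
    worth recording but not paging anyone over."""
    if matched_side == "dst":
        return 1.0 if action == "ALLOW" else 0.7
    return 0.8 if action == "ALLOW" else 0.5


def prioritize(logs=LOGS, feed=FEED, now=NOW):
    """Match each event against the feed, aggregate per (indicator, internal host),
    and return alerts sorted by descending score (0-100)."""
    index = build_index(feed, now)
    alerts = {}
    for ev in parse_log(logs):
        for side in ("dst", "src"):
            ind = lookup(index, ev[side])
            if ind is None:
                continue
            internal = ev["src"] if side == "dst" else ev["dst"]
            base = SEVERITY[ind.kind] * ind.confidence / 100
            score = base * freshness(ind, now) * direction_weight(side, ev["action"])
            a = alerts.setdefault((ind.value, internal), {
                "indicator": ind.value, "kind": ind.kind,
                "internal_host": internal, "hits": 0, "score": 0.0})
            a["hits"] += 1
            a["score"] = max(a["score"], score)
            break  # one indicator match per event is enough
    for a in alerts.values():
        # Repeated contact with the same indicator nudges the priority up, capped at 100.
        a["score"] = min(100, round(a["score"] + 5 * (a["hits"] - 1)))
    return sorted(alerts.values(), key=lambda a: (-a["score"], -a["hits"]))


if __name__ == "__main__":
    for a in prioritize():
        print(f'{a["score"]:3d} {a["kind"]:14s} {a["internal_host"]:12s} '
              f'<-> {a["indicator"]} ({a["hits"]} hits)')
```

Run against the constructed log, the two successful outbound connections from 10.0.0.15 to the listed command-and-control address come out on top, the blocked inbound SMB probe from the infected /24 is recorded at a much lower priority, and the scanner entry produces nothing at all because it is older than MAX_AGE. That is the shape of the "prioritized alert" the text describes: the same indicator match is weighted by severity, feed confidence, age and traffic direction instead of treated as a flat hit.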
What other ways have you seen real-time threat intelligence used in the field?