[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions 😉
So onto the news:
Understanding the Threat Intelligence Lifecycle
Everyone is interested in Threat Intelligence (TI). There is a race to the top of the mountain with regards to providing ‘Intelligence’ on the ‘latest threats’; but, what does that really mean for information consumers?
Understanding the lifecycle and some key framework concepts of Intelligence will help people understand where TI really enters into Intelligence; and how the basics can be leveraged to derive value added information into the organization.
Threats, internal threats, external threats, relevant threats, hacker threats, malicious threats, advanced threats, common threats, threats, threats, threats…..WHERE ARE THE THREATS!!!???
The first step the organization performs is to recognize and understand the Intelligence Lifecycle. Once management understands the input(s) and output(s) of their request their expectations of returns will be on par with the initiative.
The second step the organization performs is to mandate the work to a security analyst within the organization. Although there are dedicated vendors who can also provide this information from a cost perspective this local government has decides to use an internal resource.
Once given the mandate for a generalized Intelligence effort the security analyst begins looking at relevant collection mechanisms.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=c840d86cb7&e=20056c7556
ARE WE READY FOR A THREAT INTELLIGENCE PROGRAM?
To be both useful and of value to your organization, there are a number of things you should already be doing well before you can fully capitalize on the value threat intelligence brings. This means having foundational information security capabilities currently deployed and tuned as needed. At the bare minimum, you should have mature processes around the following: configuration and patch management efforts, centralized logging and event correlation capabilities, advanced malware detection and analysis capability, network monitoring, asset and data inventory, incident response, and forensic investigation capabilities. These core capabilities will allow you to significantly leverage threat intelligence programs to their fullest potential and demonstrate their value. These processes allow the organization to leverage threat intelligence in both proactive and preventive ways. It also enables the organization to identify and assess new threats to the organization.
Quick wins like these should allow you to leverage the enthusiasm and, ultimately, aid in growing the program, planning the strategic growth of the program and maturing services from a reactive to proactive service line. Clearly, threat intelligence is more than just bits and bytes, but rather a valuable business program than can reduce risk. Understanding, educating and articulating this is as much of a requirement as where you can find the next source feed (and the topic of another article).
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=7f5ddba00b&e=20056c7556
Security lessons from the NSA malware defense report
The NSA’s Information Assurance Directorate released a report on malware defense. Uncover which guidance and best practices would be fruitful to integrate into your enterprise security plan.
The 11 best practices include: implementing strong network segmentation, protecting administrative accounts, deploying security monitors, keeping software updated and monitoring logs from security controls. The final section of the report focuses on incident response planning for destructive malware. The basic tenet is the sooner an enterprise can detect an attacker, the sooner it can limit the damage and evict it from its network.
It is a brief report with helpful pointers to more information on the individual recommendations that every enterprise should review and consider using, if they don’t already. The steps outlined in the report can help enterprises defend against destructive malware — and if they don’t know where to start, it certainly serves as a useful starting point.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=ce83663ca0&e=20056c7556
Hackers targeting users of Barclays, Royal Bank of Scotland, HSBC, Lloyds Bank and Santander
19,000 malicious emails have been sent in three days from spam servers worldwide, inviting users to download an archive containing a malicious .exe file.
Bitdefender warns that the file acts as a downloader that fetches and executes the Dyreza banker Trojan, also known as Dyre. This represents a sizeable risk for customers of reputable financial and banking institutions from the UK, France, Germany, the US, Australia and Romania, many of whom have been targeted.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=f57cb48d7e&e=20056c7556
GAO: Bank Risk Analysis Comes Up Short
Banking regulators are not adequately analyzing risks across institutions’ enterprises, and not all IT examiners are well trained, according to new report from the Government Accountability Office about cybersecurity within the U.S. banking industry.
But a new GAO report also notes that not all regulatory agencies have the same oversight authority. In its report, “Cyber Security: Bank and Other Depository Regulators Need Better Data Analytics and Depository Institutions Want More Usable Threat Information,” the GAO calls on Congress to take action to address this imbalance.
NCUA Executive Director Mark Treichel says the agency agrees with the GAO that the credit union regulator should have authority to review third-party service providers for cybersecurity resilience.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=ff22743703&e=20056c7556
Survey: Email Systems, EHRs Among Top Cybersecurity Concerns
Overall, the survey found the top three threats to security cited by each group were:
– Malicious outsiders, cited by 68% of respondents;
– Compromised applications, cited by 65% of respondents; and
– Application, system or network failures, cited by 40% of respondents (Hall, FierceHealthIT, 7/6).
When asked about the top information assets that pose a security risk:
– 51% of respondents cited EHRs;
– 46% cited mobile communication devices; and
– 32% cited patient portals (Health IT Security, 7/2).
Meanwhile, nearly 75% of hospital administrators cited email and messaging systems as the greatest security vulnerability, compared with 50% of physicians.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=045b95f048&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)
If someone forwarded this email to you and you want to be added in,
please click this: ** Subscribe to this list (http://paulgdavis.us3.list-manage.com/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)
** Unsubscribe from this list (http://paulgdavis.us3.list-manage2.com/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=66c19be108)
** Update subscription preferences (http://paulgdavis.us3.list-manage.com/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)