{"id":1015,"date":"2015-03-25T00:00:00","date_gmt":"2015-03-25T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2015\/03\/25\/newsalert-2015-mar-24\/"},"modified":"2021-12-30T11:38:36","modified_gmt":"2021-12-30T11:38:36","slug":"newsalert-2015-mar-24","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2015\/03\/25\/newsalert-2015-mar-24\/","title":{"rendered":"Newsalert &#8211; 2015 Mar 24"},"content":{"rendered":"<p>Is Your Threat Intelligence Platform Just a Tool?<br \/>\nThere are new tools coming on the market every day, but many are just that \u2013 a simple tool and not a true platform. A tool may solve immediate needs, but you must evaluate your needs across multiple stakeholders throughout your organization (i.e., SOC, IR, Threat Team, CIO, CISO, Board) and look to a single platform to bring everyone together. The platform must support the integration of all the stakeholders and data that is relevant to each in such a way that all interested parties  can work together as a team. Customization of the platform is key, as each organization will have different processes, and the need for data customization across those processes for aggregation, analysis, and action.<br \/>\nA platform is a foundational capability. It should be extensible, conducive to enterprise collaboration and evolve as your organization\u2019s strategies shift. We agree with ExactTarget (Salesforce) in their definition of a tool vs. a platform, and in addition to that put forth our spin on the features you want to look for in a Threat Intelligence Platform [list follows \u2026]<br \/>\nLink: http:\/\/www.threatconnect.com\/news\/is-your-threat-intelligence-platform-just-a-tool\/ <\/p>\n<p>Don\u2019t Let 2015 be the (NEW) Year of the Breach\u2026Embrace Cyber Threat Intelligence<br \/>\nAccording to our friends at Google, every year since 2011 has been coined \u201cThe Year of the Breach\u201d. 
That\u2019s an awful long time to be stuck being remembered as yet another year we let bad guys take our stuff.<br \/>\nPerforming these exercises gives us a pretty clear picture of the attack surfaces we are presenting to an adversary to gain access to our data. But let\u2019s not pat ourselves on the back too vigorously yet. Our adversary\u2019s tactics drive how we prioritize defending each of these attack surfaces. How do we find out what those tactics are?<br \/>\nSecurity is hard folks, and it\u2019s not for the faint of heart. Not a single concept on this blog is something that can be done quickly or haphazardly. We haven\u2019t even touched the attack surfaces presented by the users of our network. We haven\u2019t touched on a lot of topics really. What we have covered is a basic methodology that will go a long way towards making sure we do our part to ensure 2015 gets coined something other than \u201cthe Year of the Breach\u201d.<br \/>\nLink: http:\/\/www.isightpartners.com\/2015\/03\/dont-let-2015-be-the-new-year-of-the-breach-embrace-cyber-threat-intelligence\/ <\/p>\n<p>When DDoS Isn&#8217;t All About Massive Disruption<br \/>\nNew data shows prevalence of often-undetectable DDoS attacks aimed at quietly wreaking havoc on the network while performing data exfiltration and other attacks.<br \/>\nCorero also found a large number of short-burst DDoS attacks lasting anywhere from 5 to 30 minutes. Some 96% of DDoS attacks against its service provider and enterprise customers&#8217; networks lasted less than 30 minutes, and 73%, less than five minutes.<br \/>\nLink: http:\/\/www.darkreading.com\/perimeter\/when-ddos-isnt-all-about-massive-disruption\/d\/d-id\/1319581 <\/p>\n<p>New Neverquest campaign is targeting Canadian banks<br \/>\nNeverquest (aka Vawtrak) is a classic Trojan-banker with a variety of different advanced functions to attack online banking customers. 
The malware often gets installed through downloaders that are dropped using drive-by attacks.<br \/>\nThe current webinject reveals that the primary goal, at least of this campaign, is financial institutions in Canada. We have more than 15 unique targets in Canada. The webinject is very much in the style of the ZeuS template and with the goal to alter the content of several specified target websites.<br \/>\nLink: https:\/\/www.csis.dk\/en\/csis\/blog\/4628\/ <\/p>\n<p>CFOs increase spending on cyber-security<br \/>\nSixty-three per cent of finance executives in a broader survey said their top response to the increased threat of data breaches was spending more on cyber-security and fraud prevention. In that survey, part of the AICPA\u2019s quarterly Business &#038; Industry Economic Outlook, 29% said they had not made any changes, 13% said they were accelerating the development of new mobile or electronic payment options that could offer more security, and 5% listed an unspecified other response.<br \/>\nMost CFOs in an annual survey by accounting and consulting firm BDO said the main response to cyber-security concerns was the implementation of new software security tools (90%) and the creation of a formal response plan for security breaches (72%).<br \/>\nLink: http:\/\/www.cgma.org\/Magazine\/News\/Pages\/cyber-security-spending-201512001.aspx?TestCookiesEnabled=redirect <\/p>\n<p>What is keeping CIOs awake in 2015?<br \/>\nKathy Gibson at the IDC CIO Summit, Sandton \u2013 We\u2019ve heard about the four pillars of the 3rd Platform \u2013 big data, mobility, social and cloud computing \u2013 for some time; but now CIOs are looking to transform their organisations in line with these strategies.<br \/>\n\t\u2022\tSecurity is a hot button issue for CIOs \u2013 and by 2016 it will be a top three business priority for 70% of CEOs.<br \/>\n\t\u2022\tIt is imperative to elevate security to senior executive responsibility, including CXOs in cross-functional 
governance.<br \/>\n\t\u2022\tCIOs are urged to assess overall security architecture and transition from internal fixed cost assets to variable-cost PaaS. And they need to ensure that a security review \u2013 including cost \u2013 is a prerequisite for any new solution whether or not IT is involved.<br \/>\n\t\u2022\tMobile adds to the complexity of security, and in mobile-first regions the customer privacy agenda is highlighted.<br \/>\nLink: http:\/\/it-online.co.za\/2015\/03\/24\/what-is-keeping-cios-awake-in-2015\/ <\/p>\n<p>Shipping analysts warn of cyberattacks at sea<br \/>\nHackers could interfere with the control of a ship, disable navigation systems, cut off communications or steal confidential data, according to Allianz Global Corporate &#038; Specialty SE\u2019s 2015 Safety and Shipping Review.<br \/>\nThe report warned shipping firms to prepare for the likelihood of cyberattacks as hackers around the world become more sophisticated.<br \/>\nLink: http:\/\/thehill.com\/policy\/cybersecurity\/236723-shipping-analysts-warn-of-cyberattacks-at-sea <\/p>\n<p>Fleishman launches global cybersecurity and privacy practice<br \/>\nST. LOUIS: FleishmanHillard has launched a global practice focused on helping clients with data security and privacy challenges.<br \/>\nThe group\u2019s mission is to provide clients with a one-stop shop to address data-specific challenges in areas including data breach preparedness and response; employee awareness and engagement; privacy protection communications and advocacy; and public affairs regulatory and legislative counsel.<br \/>\nThe practice is also supported by cybersecurity and investigations firms, cyber law firms, and cyber insurance underwriters with which Fleishman has a relationship. 
For instance, one year ago, Fleishman and risk-management firm Kroll formed a strategic alliance focused on cybersecurity and data-breach-risk mitigation.<br \/>\nLink: http:\/\/www.prweek.com\/article\/1339661\/fleishman-launches-global-cybersecurity-privacy-practice <\/p>\n<p>UK government announces \u00a35m anti-malware funding<br \/>\nThe UK government has announced a \u00a35m investment to help researchers create new cyber security solutions as part of ongoing efforts to bolster the nation&#8217;s defences.<br \/>\nThe funding was announced at the World Cyber Security Technology Research Summit in Northern Ireland and will be provided by the Engineering and Physical Sciences Research Council (EPSRC) and Innovate UK.<br \/>\nThe research will focus specifically on ways to tackle malware threats, detect intrusions and prevent data theft on laptops, smartphones and cloud storage services.<br \/>\nLink: http:\/\/www.v3.co.uk\/v3-uk\/news\/2401139\/uk-government-announces-gbp5m-anti-malware-funding <\/p>\n<p>When It Comes to Threat Detection and Incident Response, Context Matters<br \/>\nCSOs should now be using security analytics tools for threat detection and incident response. These security analytics tools offer the analyst unprecedented access to data they have always logged and kept, but rarely used.<br \/>\nThis also allows security professionals to explore data sets previously deemed too large and complex for everyday use like full packet captures of all network data. Now we are seeing the emergence of tool sets that can not only deal with the incredible amount of information coming in daily, but can also be used to review older data. Security analytics tools don\u2019t actually eliminate the need for a Security Incident and Event Management (SIEM) system. 
They still have their place in most organisations\u2026<br \/>\nLink: http:\/\/www.cso.com.au\/article\/571117\/when-it-comes-threat-detection-incident-response-context-matters\/<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Is Your Threat Intelligence Platform Just a Tool? There are new tools coming on the market every day, but many are just that \u2013 a simple tool and not a true platform. A tool may solve immediate needs, but you must evaluate your needs across multiple stakeholders throughout your organization&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1015","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1015","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1015"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1015\/revisions"}],"predecessor-version":[{"id":3502,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1015\/revisions\/3502"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1015"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.p
hp\/wp-json\/wp\/v2\/categories?post=1015"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1015"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}