Threat-intelligence role grows as new threat sharing, analytics opportunities expand CSO toolkits
09 March, 2016 09:38
The recent launch of a slew of new threat-analytics services has rapidly expanded the options available to CSOs, who are increasingly being exhorted to improve how they monitor and analyse their organisation's security posture.
Threat-intelligence firm BrightPoint Security, for one, recently launched its Sentinel Security Command Platform, which broadens the threat-intelligence data available to customers and is backed by BrightPoint Security Exchange, a threat-sharing platform that uses patented proprietary technology to facilitate collaboration on threats. The platform can also analyse new threats as they appear using BrightPoint's machine-learning engine, which trawls threat-related documents, reports and informal conversations to produce STIX reports for follow-up across the security community.
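A STIX report is only worth sharing if the recipient can act on it. The following added example (not BrightPoint's, Verizon's or any other vendor's code) loads a constructed STIX 2.x indicator bundle, sets aside indicators that are revoked, outside their validity window or written as compound patterns the simple matcher does not understand, and then scans constructed syslog-style lines for the remaining observables. STIX 2.x JSON is an assumption on my part (STIX 1.x XML was current when this article appeared); every ID, address, hash and log line below is made up for the example.

```python
"""Consume a STIX 2.x indicator bundle and match its observables against log lines.

Added example, not code from BrightPoint, Verizon, Splunk or any other vendor named
in the article. The bundle, IDs, addresses, hash and log lines are all constructed.
"""
import json
import re
from datetime import datetime, timezone

# One equality comparison on one object property, e.g.
#   [ipv4-addr:value = '203.0.113.7']   or   [file:hashes.'SHA-256' = '9f86...']
# Compound patterns (AND/OR, FOLLOWEDBY, ranges) are reported as skipped, not guessed at.
SIMPLE_PATTERN = re.compile(
    r"^\[(?P<otype>[a-z0-9-]+):(?P<prop>[A-Za-z0-9_.'-]+)\s*=\s*'(?P<value>[^']+)'\]$"
)

# Constructed STIX 2.1 bundle: two usable indicators, one expired, one compound pattern,
# plus an identity object the loader must ignore.
STIX_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--3f1c9b7e-0d2a-4a6b-9c3d-5e7f8a9b0c1d",
    "objects": [
        {"type": "identity", "spec_version": "2.1",
         "id": "identity--7a1b2c3d-4e5f-4a6b-8c9d-0e1f2a3b4c5d", "name": "Example CTI team",
         "identity_class": "organization",
         "created": "2016-03-01T00:00:00Z", "modified": "2016-03-01T00:00:00Z"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--1a2b3c4d-5e6f-4a7b-8c9d-0e1f2a3b4c5d", "name": "C2 beacon host",
         "pattern_type": "stix", "pattern": "[ipv4-addr:value = '203.0.113.7']",
         "created": "2016-03-01T00:00:00Z", "modified": "2016-03-01T00:00:00Z",
         "valid_from": "2016-03-01T00:00:00Z", "valid_until": "2017-03-01T00:00:00Z"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--2b3c4d5e-6f7a-4b8c-9d0e-1f2a3b4c5d6e", "name": "Phishing domain",
         "pattern_type": "stix", "pattern": "[domain-name:value = 'evil.example']",
         "created": "2016-03-01T00:00:00Z", "modified": "2016-03-01T00:00:00Z",
         "valid_from": "2016-03-01T00:00:00Z"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--3c4d5e6f-7a8b-4c9d-8e1f-2a3b4c5d6e7f", "name": "Dropper (expired)",
         "pattern_type": "stix",
         "pattern": "[file:hashes.'SHA-256' = "
                    "'9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08']",
         "created": "2016-01-01T00:00:00Z", "modified": "2016-01-01T00:00:00Z",
         "valid_from": "2016-01-01T00:00:00Z", "valid_until": "2016-02-01T00:00:00Z"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--4d5e6f7a-8b9c-4d0e-9f2a-3b4c5d6e7f8a", "name": "Reverse shell",
         "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '198.51.100.5'] AND [network-traffic:dst_port = 4444]",
         "created": "2016-03-01T00:00:00Z", "modified": "2016-03-01T00:00:00Z",
         "valid_from": "2016-03-01T00:00:00Z"},
    ],
})

# Constructed syslog-style lines. Line 2 carries a longer address that shares a prefix
# with the indicator and line 4 carries the hash of the expired indicator; neither should hit.
LOG_LINES = [
    "Mar  9 09:38:01 fw01 kernel: OUT=eth0 SRC=10.0.0.12 DST=203.0.113.7 PROTO=TCP DPT=443",
    "Mar  9 09:38:02 fw01 kernel: OUT=eth0 SRC=10.0.0.12 DST=203.0.113.70 PROTO=TCP DPT=443",
    "Mar  9 09:38:05 dns01 named: client 10.0.0.12#51234: query: evil.example IN A +",
    "Mar  9 09:38:09 ws07 edr: file created sha256="
    "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
    "Mar  9 09:40:00 dns01 named: client 10.0.0.33#40210: query: benign.example IN A +",
]

# Fixed "now" so validity checks are reproducible (the article's publication time).
NOW = datetime(2016, 3, 9, 9, 38, tzinfo=timezone.utc)


def _parse_ts(value):
    """Parse a STIX timestamp ('...Z') into a timezone-aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def load_indicators(bundle_json, now):
    """Return (active, skipped) from a STIX 2.x bundle.

    active:  indicators valid at `now` whose pattern is a single equality comparison.
    skipped: (indicator id, reason) pairs, so the analyst sees what the feed carried
             but the scanner cannot use instead of silently losing it.
    """
    active, skipped = [], []
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") != "indicator":
            continue
        if obj.get("revoked"):
            skipped.append((obj["id"], "revoked"))
            continue
        valid_until = obj.get("valid_until")
        if now < _parse_ts(obj["valid_from"]) or (valid_until and now >= _parse_ts(valid_until)):
            skipped.append((obj["id"], "outside validity window"))
            continue
        m = SIMPLE_PATTERN.match(obj.get("pattern", ""))
        if not m:
            skipped.append((obj["id"], "unsupported pattern"))
            continue
        active.append({"id": obj["id"], "name": obj.get("name", ""),
                       "otype": m["otype"], "prop": m["prop"], "value": m["value"]})
    return active, skipped


def scan_logs(indicators, log_lines):
    """Match each indicator value as a whole token; returns sorted (line no, id, value)."""
    hits = []
    for ind in indicators:
        # Domains may appear as a subdomain (www.evil.example), so a leading '.' is allowed
        # for them; for everything else a neighbouring '.' or alphanumeric means a longer
        # token (203.0.113.70 must not match 203.0.113.7).
        lead = r"(?<![A-Za-z0-9-])" if ind["otype"] == "domain-name" else r"(?<![A-Za-z0-9.])"
        token = re.compile(lead + re.escape(ind["value"]) + r"(?![A-Za-z0-9.-])", re.IGNORECASE)
        for lineno, line in enumerate(log_lines, start=1):
            if token.search(line):
                hits.append((lineno, ind["id"], ind["value"]))
    return sorted(hits)


if __name__ == "__main__":
    active, skipped = load_indicators(STIX_BUNDLE, NOW)
    for lineno, ind_id, value in scan_logs(active, LOG_LINES):
        print(f"line {lineno}: {value} ({ind_id})")
    for ind_id, reason in skipped:
        print(f"skipped {ind_id}: {reason}")
```

Run as-is it reports hits on lines 1 and 3 only and lists the expired and compound indicators as skipped. Reporting what was skipped matters in practice: a feed that quietly drops a third of its indicators at load time gives a false sense of coverage, and compound patterns are exactly where the higher-value detections tend to live.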
Meanwhile, a partnership between Verizon Enterprise Solutions and data-analytics upstart Splunk will see Verizon's security services bolstered with real-time analytics, to make better sense of the more than 1 million security events that Verizon's Managed Security Services arm handles every day.
The Splunk capabilities will be integrated with Verizon's Advanced Security Operations Center (ASOC), providing what the company called “efficiencies, end-to-end security context and superior intelligence” compared with conventional security information and event management (SIEM) systems. The partnership is pitched as particularly useful for keeping up with the additional data and security burden of the emerging Internet of Things (IoT), whose devices often sit outside conventionally managed, network-attached resources and must be monitored and analysed accordingly. Last September, Verizon released a Splunk app to improve access to the company's threat-intelligence data.
The arrival of more readily accessible threat-intelligence capabilities is intended to give businesses better control of their security-monitoring environment, drawing on threat-intelligence sources that have become significantly more robust in recent years. It extends an ongoing push to give users the data and context they need to understand the attacks they are most likely to face.
“If you're talking to executives or other line-of-business managers outside of security, [better threat intelligence] means they can really understand some of the risk that they may face,” Aaron Sharp, security solutions consultant with Verizon Enterprise Solutions, told CSO Australia upon the recent launch of the company's Data Breach Digest (DBD) report.
“It usually comes back to the data set,” Sharp said. “People don't have endless security budgets, and we really want to help them understand where are their real threats and real risks – and where they get the best bang for buck in terms of putting preventative, detective and response type controls in place to protect their business and their customers.”
Growing use of threat-intelligence platforms reflects a growing imperative for CSOs to engage with threat-intelligence communities, both to share information about their own experiences and to learn from those of their peers.
Also playing to the collaborative threat-detection theme, Arbor Networks targeted the threat-intelligence sector with the launch of Spectrum, a platform that the company says “uncovers the internet conversations and lateral movement of attackers on customer networks to reduce business risk from advanced cyber-threats.”
That system taps into Arbor Networks' Active Threat Level Analysis System (ATLAS), a global exchange for threat information that tracks security trends including ever-escalating DDoS attacks.
Security-analytics firm Nuix also entered the fray with a pair of Nuix Insight-branded platforms: one offering threat intelligence-based continuous protection intended to block attacks as they begin, the other a breach-analysis forensic tool for tracing through log data in search of telltale signs of attack once something unexpected has gone wrong.
And Blue Coat recently joined forces with enterprise-storage giant NetApp to offer a focused storage solution that “significantly expands the capture window from weeks to months”, the company said in a statement. That offering is squarely targeted at users of the Blue Coat Security Analytics threat-intelligence platform, which, like all such platforms, works better when fed larger security-log data sets than many existing storage infrastructures can comfortably hold.