Threat Intelligence

Press

2.11.2023

The vast world of cyber threats is constantly changing and evolving. Only an adaptive and highly reactive approach to detecting breaches and dangers can hope to make a difference, safeguarding people's data and therefore their everyday life.

Every day, thousands of cyberattacks affect the daily lives of millions of people. Data is increasingly exposed, and people are increasingly targeted in order to obtain information and additional data that, as is often said, are the gold of the future. In this labyrinth of threats, the only option seems to be to raise more and more shields, and among these, one tool that stands out as an effective defensive weapon against bitter opponents is 'Threat Intelligence'. In recent years it has taken on an increasingly central role in protecting growing amounts of data, but what the term means is not obvious.

Threat Intelligence can be defined as a process of proactively collecting, analyzing, and disseminating information about emerging cyber threats. This process draws on a wide range of information sources, including, but not limited to, technical indicators, hacker forums, social media and “marketplaces” on the Dark Web, places where data is usually sold to the highest bidder. Through careful, comprehensive analysis of heterogeneous threat data, processed to determine motivations, objectives and methodologies, Cyber Threat Intelligence professionals seek to identify new threats, attribute them to specific malicious actors, predict future attack patterns and, finally, develop effective countermeasures.

So why use Threat Intelligence?

Malicious actors, who often offer their capabilities “as-a-service” to third parties, are increasingly motivated and increasingly well equipped with technological and economic resources. Yet computer vulnerabilities are often the result of 'not knowing' and 'not seeing', so full awareness of the entire area exploitable by a malicious actor (the so-called Attack Surface) is essential. Understanding the IT ecosystem in its entirety helps to prepare for, prevent and recognize threats with more optimized security mechanisms. Traditional security measures, such as firewalls and antivirus, are essential but no longer sufficient to mitigate increasingly dynamic and complex threats. Access to this type of information allows the company to adopt a proactive approach through decisions that are faster, better contextualized to its own reality and based on real data. This is possible because information on cyber threats can be accurate, timely and relevant, and can be used to reliably identify existing or emerging security flaws.

Threat Intelligence offers accurate data to identify vulnerabilities. It also helps leadership assess risks, necessary resources, and financial impact in cybersecurity. A better understanding of the threats to be faced therefore allows a company to protect itself from them while optimizing costs and effort. Services such as Early Warning and Attack Surface Management allow companies to identify and reduce potential threats to their systems and data by providing a complete view of the attack and constantly monitoring potential threats from outside. The Early Warning service monitors for any data leak, be it login credentials, email addresses or other company data, by scanning the entire web (both Clear Web and Dark Web) in search of malicious actors who are targeting the company, and by examining thousands of sites and forums where attackers exchange or sell such data.

In an extremely short period of time, on the wings of the pandemic, cyber threats have multiplied, and the organizations involved have become increasingly prominent.

How can a company equip itself with these tools, improve its awareness of internal and external threats, and therefore improve its security posture?

There are several services that you can subscribe to in order to receive these information flows. The Threat Intelligence market has reached a certain maturity in recent years. Different services also have different approaches: some are better at discovering information on social media, others at finding content on the dark web, others at finding domain squatting as soon as a probably hostile domain is registered. Some of these services, the most complete and professional ones, are however accessible only to Managed Security Service Providers (MSSP) like us, specifies Gianpiero Abellonio, Partner and Senior Advisor at Security Lab.

So what can you recommend to companies that are interested in these services?

The suggestion is to always rely on an MSSP of proven reliability that uses and integrates different services, so that the customer has a single source of information that takes care not only of integrating these flows but also of carrying out the “triage”, that is, determining the relevance of information and transmitting it to the customer only if assessed as a probable threat, continues the Partner.

Where to start and what first steps to follow, however, is far from obvious.

During activation, the customer is asked for some information that represents the “scope” of the service, that is, what must be monitored, in terms of corporate website and e-mail domains and keywords for which to verify possible exposure on the web/dark web. Examples of keywords can be names of brands, products or services, or names of relevant people within the organization, notes Abellonio.

Once the setting and calibration of the data collection has been completed, we move on to the real start-up phase.

The MSSP configures and activates flows from its information providers. In this assessment phase, a lot of information is collected, and a first detailed report is prepared and presented to the customer. Subsequently, the MSSP receives from its information providers only the new information not detected during the assessment phase. The information that is received over time is then communicated to the customer as soon as it is detected and, clearly, only if it is considered to be of a certain relevance, notes the Partner.

Alberto Redi, CEO of Security Lab

This is a particularly fluid subject, and in some ways even complex, in which the expert's opinion is fundamental, as is staying constantly updated on “market” developments, which therefore lends itself well to a dedicated event.

In collaboration with ATED, we organized an event at the Dante hotel in Lugano for November 30 at 2:30 p.m., where there will be several speakers and 5-6 speeches on the topic of Cyber Security news and trends with Threat Intelligence as the main focus, a sort of common thread. We will talk about the news in the new ISO 27001 and in Nist 2. In both management systems, one of the innovations is in fact represented precisely by Threat Intelligence, highlights Alberto Redi, CEO of Security Lab, who continues:
There are two specific interventions on Threat Intelligence, one to deepen the topic and the second by Group-IB, one of the main brands we use to provide these MSSP services, which will illustrate their mix of services and will also give a practical demonstration. At the end, we will take stock of the New Federal Data Protection Law (NLPd) that came into force last September 1. At the end, the usual aperitif and space for networking and in-depth analysis with the speakers.

Achille Barni

Ticino Management
