The phenomenon of the external cyber threat intelligence market is relatively new, coming to the fore only about five years ago. Today, we are seeing more players hopping on the bandwagon, whether as stand-alone solutions or as offshoots of a product (e.g. through an endpoint, firewall or other security solution).
As a business leader, how do you know which threats matter and how important they are when you plan out your organisation’s cyber security requirements?
To fully understand the significance of cyber threat intelligence, iTNews Asia speaks to Shermaine Tan, Head of Channel Sales and Development, IntSights Cyber Intelligence, an Israeli developer of external cyber threat intelligence solutions, and a member of the Association of Security Professionals (AISP), the ISC2 Singapore chapter and Centre for Strategic Cyberspace and International Studies (CSCIS.org) Singapore Chapter.
As the name implies, cyber threat intelligence (or TI for short) seeks to provide enterprise tech users with up-front intelligence about threats that may pertain to their IT network, services and assets, so they can ensure the appropriate defences are in place, or minimise the vulnerabilities or exposures as best as they can, to mitigate the risks therein.
These specifically are threats external to the enterprise IT infrastructure – we call it ‘outside the wire’. It is not so much a direct ‘brute force’ hacking of the IT network or servers etc. Rather, it’s about the organisation’s digital footprint and digital assets – including its web site, IP addresses, pieces of data that are sitting somewhere outside, even defending the organisation’s brand, and also the digital elements and identities of their VIPs (key officers – Chairman, C-Level, board of directors, senior management).
iTNews Asia: How does ‘defending the organisation’s brand’ involve cyber-security, or vice versa?
Cybercriminals today use your brand against you. For instance, they can impersonate your social media accounts, develop rogue mobile apps, sell stolen and counterfeit products, and hijack your brand to run scams.
External visibility and control over these brand threats are critical to safeguarding your valuable portfolio of trademarks, logos, and products. So, we try to help to protect what’s yours. But it goes one step further – you also need to protect your customers.
It’s not just you they want. Hackers impersonate your brand to steal your customers’ data – to sell, abuse, impersonate etc.
We need to know about brand hijacking attempts, and take the measures to bring down the rogue sites – and help organisations preserve customer trust and loyalty.
At the same time, there are malicious apps and scams that need to be dismantled. Companies have to detect, prioritise, and take down external threats to their brand across the clear, deep, and dark web – eliminate fake mobile apps, knockoff scams, brand misuse, the spread of misinformation and leaked intellectual property.
iTNews Asia: What about phishing? The damage from phishing is often not well known or misunderstood.
Of course when we talk about cyber threats, we also need to look at phishing. We have to prevent phishing early in the attack chain. We must not ‘bait the hook’.
Phishing remains the easiest, most popular, and most reliable technique for threat actors to trick vulnerable employees and customers into revealing sensitive data. It’s critical to identify potential phishing attacks as early as possible to shut them down before human assets become attack vectors.
There are steps organisations can take; one of the most critical is being able to identify early signs of phishing weaponisation.
I know it’s starting to sound more scary, but you need to monitor for common phishing tactics — domain spoofing, look-alike domains, typosquatting, homoglyphs, and more — that use countless permutations of your legitimate domains and subdomains.
These are all obvious tricks of the perpetrator – but we keep getting hit. Act on early warnings.
You need to be able to continuously track suspicious domain changes – monitor and correlate changes to domain attributes, including Whois info, MX and/or A record changes, IP reputation, and SSL certificate updates, to gain the full context and risk behind suspicious domains. You must keep a close eye on domains.
Our customers leverage our remediation team and robust ecosystem of partners to accelerate rogue domain takedown requests, block domains on perimeter devices, and shut down phishing attacks before they’re launched. We often collaborate with trusted experts and value-add partners to make this happen.
Any advantage you can gain over your cyber adversaries is worth having. External TI can help you identify new cyber threats early, but this intelligence is only useful if you know how you’re impacted and can act quickly.
The first step in this journey is to find out if – and where – you’re exposed. You need immediate visibility into how your organisation is being targeted based on assessing your domain for threats that lurk across the clear, deep, and dark web.
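The look-alike domain monitoring described above (typosquatting, homoglyphs, brand names embedded in new domains) as an added worked example; this is illustrative code, not IntSights' product, and the domain feed it triages is constructed. It assumes a single-label public suffix (e.g. `.com`), so it treats the last two labels as the registrable domain.

```python
import unicodedata

# ASCII characters commonly substituted for letters in look-alike domains
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t",
               "rn": "m", "vv": "w"}

def registrable(domain):
    """'secure-login.examp1e.com' -> 'examp1e.com' (assumes a single-label public suffix)."""
    parts = domain.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])

def fold(label):
    """Map Unicode and ASCII confusables to base letters so look-alikes compare equal."""
    decomposed = unicodedata.normalize("NFKD", label)  # 'ạ' -> 'a' + combining dot
    folded = "".join(c for c in decomposed if not unicodedata.combining(c))
    for lookalike, base in CONFUSABLES.items():
        folded = folded.replace(lookalike, base)
    return folded

def edit_distance(a, b):
    """Levenshtein distance, used to catch single-keystroke typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(candidate, brand_domain):
    """Return why a candidate domain resembles the brand domain, or None if it does not."""
    brand_reg, cand_reg = registrable(brand_domain), registrable(candidate)
    if cand_reg == brand_reg:
        return None  # the brand's own domain or one of its subdomains
    brand, label = fold(brand_reg.split(".")[0]), cand_reg.split(".")[0]
    if label == brand:
        return "tld-swap"        # same name under a different suffix
    if fold(label) == brand:
        return "homoglyph"       # differs only by confusable characters
    if edit_distance(fold(label), brand) <= 1:
        return "typosquat"       # one insertion, deletion or substitution away
    if brand in fold(label):
        return "brand-in-name"   # brand embedded, e.g. 'example-login.com'
    return None

def triage(feed, brand_domain):
    """Filter a feed of newly seen domains (e.g. CT logs) down to {domain: reason}."""
    return {d: classify(d, brand_domain) for d in feed if classify(d, brand_domain)}

# Constructed sample feed standing in for newly registered / newly certified domains
FEED = ["www.example.com", "examp1e.com", "exạmple.com", "exarnple.net",
        "exmple.com", "example-login.com", "example.co", "unrelated.org"]
```

Each flagged domain is a candidate for the attribute tracking the answer goes on to describe (Whois, MX/A records, certificates), not a verdict on its own.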
iTNews Asia: What does external threat protection and digital footprint protection entail?
Firstly – you identify and lock down leaked sensitive information, and you instantly retrieve the leaked data.
Data leakage is one of the most significant threats to companies because it gives threat actors instant access to sensitive data or internal systems. If credentials or confidential data are leaked online, including in public repositories like GitHub, it’s critical to identify, validate, and remediate the exposure as quickly as possible.
Secondly, you discover and reset exposed employee credentials and similarly lock them down.
Instantly discover and automatically lock down your leaked credentials on the clear, deep, and dark web using our continuous monitoring engine, extensive leaked credential database, and automated mitigation capabilities, including our unique integration with Active Directory.
Thirdly, you identify, secure and restore documents.
Continuously monitor black markets, closed hacker forums, paste sites, public repositories, and more to identify sensitive documents, secrets such as API keys, and new data dumps. Obtain data samples from threat actors, validate data legitimacy, and track down sources of leakage or data theft.
Finally, you can protect your customers by uncovering their compromised customer accounts. Monitor exposed or leaked credentials that may compromise customer PII, financial assets, or loyalty program rewards.
iTNews Asia: You have a corporate vision about democratising threat intelligence. Could you share more about that?
IntSights’ vision is to make external intelligence instantly accessible for organisations of any type or size by synthesising complex signals captured from across the clear, deep, and dark web into contextualised, prioritised, and actionable intelligence.
So we democratise threat intelligence by enabling organisations of any type or size to gain the full benefits of external TI, no matter the scope or sophistication of their program. TI need not be this big, scary monolithic thing that only big enterprises and governments can benefit from.
Despite all the heightened awareness and need, our world is still chronically short of cyber security professionals. Democratising TI highlights simplicity of use and automating takedowns and remediations, which help smaller companies to quickly adopt TI and reduce their cyber risk.
iTNews Asia: When we speak of cyber security, TI or digital transformation, it's hard not to take into account the pandemic or the ‘new normal’. What’s your take on this?
As organisations move to remote work environments and face staff and budget cuts, they have to protect their businesses from threat actors looking to take advantage of the disruptions caused by COVID.
They must be able to cover external threats across PaaS, SaaS, and IaaS. The ‘new normal’ requires new intelligence scenarios, so we have now extended the intelligence discovery capabilities to include confidential documents, credentials from botnets, GitHub mentions, and many more.
They also have to accelerate their vulnerability prioritisation capabilities with bidirectional integrations and improve platform automation. Through extensive technology integrations, organisations will be better able to streamline their vendor risk assessments.