Threat intelligence is the next frontier for transformation

Overburdened security personnel contend with a multitude of siloed tools and a deluge of alerts, leading to poor incident response and slow remediation, says Ashraf Sheet, Regional Director MEA, Infoblox.

Security organisations are under tremendous pressure to protect their infrastructure and data from existing and emerging cyberthreats and hazards. Through threat intelligence, security teams can make informed decisions on how best to respond to these threats. Threat intelligence is evidence-based knowledge about an existing or emerging threat or hazard, including context, mechanisms, indicators, implications and actionable advice. Threats can have internal as well as external sources and can come in the form of malicious IP addresses, hostnames, domain names and URLs.

According to the Ponemon Institute’s 2018 report on Exchanging Cyber Threat Intelligence:

• More than 60% of survey respondents were not satisfied with the quality of threat intelligence

• Nearly 25% of survey respondents were unable to prioritise the threats by category

• Nearly 40% of respondents lacked context to make threat intelligence actionable

Although threat information in the form of raw data is freely available, it can be enormously difficult and time-consuming to make sense of it in a timely fashion. Many organisations lack the visibility and contextual insight required to prioritise threats, much less to respond to them proactively.

Additionally, overburdened security personnel must contend with a multitude of siloed tools and hundreds to thousands of alerts every day. A lack of effective threat intelligence leads to poor incident response and slows remediation.

Digital transformation is changing the way that enterprises operate. Businesses seeking to provide better customer service, empower their employees, and respond more quickly to markets will invest in tools to digitise their operations, move them to the cloud, and develop architectures that take advantage of mobile computing and the IoT revolution.

These innovations mean that users, devices, applications and data are increasingly located at or run from the network edge, challenging the data-center-centric architecture of traditional network models. To address these challenges, experts are predicting the rise of the Secure Access Service Edge, or SASE. As the world is focusing on the ongoing pandemic and so many people are working from home, safe and secure networks are a critical component of keeping companies running. Infoblox recommends that businesses implement the guidelines and best practices to ensure the security of their networks and corporate data while employees are working from home.

The speed at which Coronavirus has spread has proven a challenge for everyone, IT professionals included. This situation has highlighted how important it is for organisations to invest in networking and security services, especially at the network edge, not just for crisis situations, but for the changing nature of work. As networks continue to become more decentralised and more employees take advantage of the benefits of working from home, securing networks from malware and other cyber threats will remain a challenge. Emphasising and implementing cybersecurity training and decreasing the number of vulnerable IoT devices in use when working from home will help IT managers ensure that corporate networks remain cyber-safe.

Companies most likely already have a robust security infrastructure in place to protect their corporate network. Now that the corporate perimeter has vanished, IT managers need to ensure that technologies are ready for employees to use when working from home.
