Breach readiness is essential to limiting the impact of data breaches, regardless of industry or company size. Recent RSA research determined the current state of breach readiness and response at large organizations. The four critical areas considered in the survey were threat intelligence, content intelligence, analytic intelligence, and incident response.
Organizations Are Moving Toward Proactive Incident Response
To enhance their abilities to withstand attacks that lead to data breaches, organizations are moving from strategies focused on prevention to those emphasizing monitoring and response. However, many companies are struggling to implement technologies to detect threats in a timely manner-a necessary task for limiting the resulting damage.
A strong threat intelligence program is essential for combating today's advanced threats, since it provides up-to-date, real-time information on the latest threats. However, fewer than half-43 percent-of organizations in the survey are using threat intelligence from external sources to augment internal threat data. This means they are not reaping the full benefits comprehensive threat intelligence has to offer.
Best Practices for Using Threat Intelligence
According to the Security for Business Innovation Council, a group of global Fortune 1000 Security leaders that provided insight into best practices for the survey, organizations should be collecting and analyzing vulnerability data, open-source threat data, and external threat intelligence from third parties to improve their breach readiness and incident response capabilities. By combining vulnerability data with information regarding the relative importance of different assets on the network, organizations will be better positioned to prioritize where they should focus their prevention and incident response efforts and resources. Further, organizations should analyze past security events and feed the information generated into their plans for incident response and security operations.
Using Threat Intelligence to Ward Off Advanced Attacks
According to the Ponemon Institute, threat intelligence is an increasingly important way to keep abreast of the rapidly changing threat landscape, and it will become a key component of information security over time. Threat intelligence will be key in helping organizations overcome the limitations of traditional, reactive security controls (such as antivirus), that do little to combat advanced threats. Ponemon's most recent threat intelligence survey found that 75 percent of respondents believe the exchange of threat information would improve their overall security posture, and 65 percent believe it could prevent or minimize the consequences of attacks.
Threat intelligence sources must be timely if organizations are to quickly detect attacks and improve incident response. However, Ponemon claims 66 percent of organizations believe the information available is not timely enough to be truly actionable. The need for speed is seen in the fact that intelligence goes stale after just a few minutes. As such, the most actionable intelligence can be provided by peers and security vendors, rather than law enforcement or government sources.
Using advanced techniques fed by internal and external threat intelligence provides security teams with a more accurate assessment of the real risks posed by a variety of potential threats.