Seven steps of threat intelligence
Cybersecurity can be a herculean task at times. Every day, Internet-connected companies and organizations endure malicious cyber-attacks from people all around the world. As part of your cybersecurity efforts, you must not only catch the invaders when they attack, but you must also do your best to keep them out in the first place. To protect your network, you need threat intelligence and a good set of practices to keep you organized. There are lots of sources, many of them free, that will help protect you from future attacks.
There are seven things you should be doing to gather threat intelligence:
- Google it
Google or Bing may not explore the dark web, but they are still very useful. They can be used for daily searches, and cybersecurity should be no exception. There is plenty of intelligence generated every day that we can learn from. You’d be surprised at how far ahead of the curve a company can stay just by using an open web search engine. It’s no replacement for a dedicated threat intelligence provider, but it can’t hurt.
- Learn from others
Talk to other cyber-security people and see what sorts of attacks they are seeing. Sharing information is one of the quickest ways to come up to speed on what to watch out for. Ask questions like, “How did it happen?” “When did the first clue drop?” and “How did the attacker get into the network?” The more you know, the better prepared you are.
- Check Pastebin and GitHub
Pastebin and GitHub can be a problem for lots of security teams. Personal information, passwords, and other sensitive information show up on Pastebin frequently, as it is one of the world’s most popular text sharing websites.
GitHub, as the world’s biggest code repository, comes with its own set of problems. Anyone can upload source code at any time, and that code could include either your own stolen proprietary data or code to exploit vulnerabilities in your systems. Monitor both sites regularly so that you can take appropriate action.
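What "monitor both sites" looks like in practice is a scanner that takes the text of a paste or a committed file and flags anything tied to your organization (your e-mail domain, internal hostnames) or anything that looks like a credential. The example below is an added illustration, not code from the original article or from Pastebin or GitHub; the organization names, the patterns and the sample paste are all constructed for this example, and the fetching of pastes is deliberately left out so that the script runs offline on any text you hand it. Findings are redacted before they are returned, so that an alert about a leaked password does not itself carry the password into a ticketing system.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Hypothetical organization identifiers (assumptions for this example).
ORG_DOMAINS = ("example-corp.com",)
ORG_INTERNAL_SUFFIX = ".corp.example-corp.com"

# Things worth flagging: references to our org, and generic credential shapes.
PATTERNS = {
    "org_email": re.compile(
        r"\b[\w.+-]+@(?:" + "|".join(re.escape(d) for d in ORG_DOMAINS) + r")\b", re.I),
    "internal_host": re.compile(r"\b[\w.-]+" + re.escape(ORG_INTERNAL_SUFFIX) + r"\b", re.I),
    "password_assignment": re.compile(r"(?i)\b(?:password|passwd|pwd)\s*[:=]\s*\S+"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}


@dataclass
class Finding:
    line_no: int
    kind: str
    snippet: str  # redacted copy of the offending line


def redact(line: str) -> str:
    """Mask secret values so the finding can be shared safely."""
    line = re.sub(r"(?i)((?:password|passwd|pwd)\s*[:=]\s*)\S+", r"\1[REDACTED]", line)
    line = re.sub(r"\bAKIA[0-9A-Z]{16}\b", "AKIA[REDACTED]", line)
    return line


def scan_text(text: str) -> List[Finding]:
    """Return one Finding per (line, pattern) hit; the caller decides what to do."""
    findings: List[Finding] = []
    for n, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            if pattern.search(line):
                findings.append(Finding(n, kind, redact(line)))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count hits per category; useful for deciding alert severity."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Constructed sample paste (not a real leak); the access key is a made-up placeholder.
SAMPLE_PASTE = """\
dump from build server
db_user=svc_build
password=Hunter2!
contact: alice@example-corp.com
host: jenkins01.corp.example-corp.com
AWS_ACCESS_KEY_ID=AKIAEXAMPLE000000000
nothing to see here
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE_PASTE):
        print(f"line {f.line_no:3d}  {f.kind:20s}  {f.snippet}")
    print(summarize(scan_text(SAMPLE_PASTE)))
```

A hit is a lead, not proof of a breach: confirm whether the credential is live, rotate it if it is, and then pursue removal of the paste or repository; the redacted snippet is what goes into the ticket.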
- Check the chatter
Many attacks or breaches are talked about, out in the open, before the attack ever happens. Some of this talk will be out on the open web; the good stuff will be on the dark web. Either way, paying attention to what hacking groups are talking about will keep your team alert and more prepared for any potential security issues.
- IOCs are your friend
Your team should always keep indicators of compromise (IOCs) top of mind. If people are connecting to your network from strange places or strange IP addresses, you just might be under attack. You need to have indicators in place to give you early warning of malicious activity.
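Putting indicators "in place" concretely means checking every login event against the IOCs you have collected and against what is normal for your workforce. The script below is an added example, not code from the original article: it runs a constructed IOC list (single addresses and a network range, all drawn from documentation address space) and a tiny stand-in for a geolocation lookup over a few constructed authentication log lines, and reports each login that hits an indicator or comes from a country nobody should be logging in from. The log format, the IOC values, the geo table and the expected-country set are all assumptions; in a real deployment the IOCs come from your feeds and the geo table from a GeoIP database.

```python
import ipaddress
import re
from typing import Dict, List

# Constructed IOC set (assumed; addresses are from RFC 5737 documentation ranges).
IOC_IPS = {"203.0.113.45", "198.51.100.7"}
IOC_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

# Countries the workforce normally logs in from (assumption for this example).
EXPECTED_COUNTRIES = {"US", "DE"}

# Minimal stand-in for a GeoIP lookup; constructed, not real geolocation data.
GEO: Dict[str, str] = {
    "10.0.0.5": "US",
    "203.0.113.45": "RU",
    "192.0.2.10": "US",
    "198.51.100.200": "BR",
}

# Assumed log line shape: "<timestamp> user=<name> src=<ip> result=<ok|fail>"
LOG_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<ip>[\d.]+) result=(?P<result>\w+)$")


def indicator_hits(ip_text: str) -> List[str]:
    """Reasons this source address deserves attention; empty list means nothing matched."""
    reasons: List[str] = []
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return ["unparseable_ip"]
    if ip_text in IOC_IPS:
        reasons.append("ioc_ip")
    if any(ip in net for net in IOC_NETWORKS):
        reasons.append("ioc_network")
    country = GEO.get(ip_text, "??")  # unknown geo is treated as unexpected
    if country not in EXPECTED_COUNTRIES:
        reasons.append(f"unexpected_geo:{country}")
    return reasons


def scan_log(text: str) -> List[Dict[str, object]]:
    """Return one alert per login line that trips at least one indicator."""
    alerts: List[Dict[str, object]] = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed lines are skipped, not silently treated as benign logins
        reasons = indicator_hits(m["ip"])
        if reasons:
            alerts.append({"ts": m["ts"], "user": m["user"], "ip": m["ip"],
                           "result": m["result"], "reasons": reasons})
    return alerts


# Constructed sample log (not real traffic).
SAMPLE_LOG = """\
2024-05-01T08:00:01Z user=alice src=10.0.0.5 result=ok
2024-05-01T08:02:13Z user=bob src=203.0.113.45 result=ok
2024-05-01T08:03:40Z user=carol src=192.0.2.10 result=fail
2024-05-01T08:04:55Z user=dave src=198.51.100.200 result=ok
this line is not a login event
"""

if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(f"{alert['ts']} {alert['user']:6s} {alert['ip']:16s} {alert['result']:4s} {alert['reasons']}")
```

Note the difference between the three alerts: bob's successful login from a known-bad address is the early warning the paragraph is describing, carol's failed attempt from an IOC network is reconnaissance worth watching, and dave's login from an unexpected country may simply be travel; the reasons list lets the analyst tell them apart instead of collapsing everything into one "suspicious" flag.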
- Know your TTPs
To protect yourself from attacks, you must think like the bad guys. What are your vulnerabilities? How are they going to get in? Try this yourself first, then test your defenses against the attacks a bad guy might actually use: their Tactics, Techniques and Procedures (TTPs). Since much of this information is freely available and discussed on the internet, your team can get into the mindset of the potential attackers. By preparing for all your “what-if” scenarios, your team will sleep safer at night and can do their job more effectively.
- Know that anything goes
Since no problem is ever solved by the mindset that created it, your team needs to be flexible in their thinking and not closed-minded to the fact that there may be other ways of attacking the network. While many attackers will operate with similar patterns and TTPs, some will not. A good rule of thumb is to not rule out any possibility, no matter how implausible, without a proper investigation first.
By following these seven steps, your network will be more secure. This is not to say you will never get attacked, but this should make you more aware when you are.