"Threat intelligence," added Glines, "is also internal threats, not just rogue employees but machines and devices that are rogue. It's also employees that don't know any better." Enterprises need to do an internal audit to understand their internal and external vulnerabilities because they can't protect themselves if they don't know what they are protecting against.
"It's important to understand the attack life cycle, and there are free and open source information feeds out there. The problem with open source feeds is that they provide a lot of information that is not always valuable."
More boutique vendors will be able to provide companies with more valuable and accurate information, helping them assess intelligence and invest appropriately based on customer needs.
With all of the vulnerabilities and transitions that are happening in cyber security, particularly as enterprises rely more on cloud service providers and deal with changing infrastructures, some companies may not be ready to focus on a risk assessment. Glines also said, "Vendors can work a lot faster if the risk assessment has already been done and a plan is in place."
As companies continue to move to the cloud, threat indicators are changing, so how can enterprises boost threat intelligence and mitigate risks?
Glines said, "Companies need to understand that what is most important is data and securing that data. Align programs around assets that are the highest priority. Know where my high risk data resides." More importantly, companies should understand that not all data is valuable. Glines advised, "Assess intelligence and invest appropriately based on need. It is not efficient to just throw technology at a problem."
Knowing their environment will also allow them to recognize anomalies in behavior, and behavior analysis is a valuable piece of threat intelligence. Mike Banic, vice president of marketing, and Wade Williamson, product marketing director at Vectra, said, "Indicators are things that you are not familiar with. They are going to start the game new, fresh, with things that have never been seen. It's not what malware is, it's what the malware does. Actions that the malware took are what's important."
Grayson Milbourne, security intelligence director at Webroot, said, "Authors understand that to defend against something it needs to be observed at least one time. Someone has to see what you are doing to know how to defend against that." One of the greatest challenges in trying to defend against grand scale attacks is that once a signature has been identified and shared, the bad guys have created a new application.
Sharing signature information on large scale commodity attacks can help to minimize vulnerabilities and knock out larger threats. If enterprises are able to find an intruder in their active phases, they have a greater chance of stopping the criminals before data is stolen.