• Home
  • Blog
  • Cyber Threat Analysis, not just for the Military

Cyber Threat Analysis, not just for the Military

 

February 2, 2012   Tags:
Category: Blog, Cyber Security, Threat Analysis   Comments Off

What is Cyber Threat Analysis exactly?
There are academic papers, job descriptions and press reports all over the place discussing this “concept” called Cyber Threat Analysis, but what is it ?  Is it only for a military organization or perhaps the federal government, isn’t all of the information analyzed classified?

Cyber Threat Analysis
Is actually considered an essential defensive function in which most modern militaries have invested capabilities. “Cyber Threat Analysis” is the practice of effectively fusing knowledge of an organizations network vulnerabilities, both internal and external (including essential IT systems), and matching these against actual cyber attacks and threats seen out in the wild.  The output of this fused analysis is an advanced defensive detection mechanism with a final goal of enhancing the defensive posture of the network against real cyber threats.

Security Intelligence
We at Cyber Squared refer to this as “Security Intelligence”.  Security Intelligence transitions our clients from a state of reactive security to a proactive one through an intelligence-led, threat-focused approach to cyber security.

Combining the ability to share relevant threat knowledge and effectively understand your own defensive weaknesses, as well as your gaps in detection, can help you assess global threats other organizations are currently facing and apply that to your own organization. It also allows your analysts to focus on the real, targeted threats, and filter out those that simply distract your security operations.

Commercial or Government?
This type of analysis, however, does not need to live solely in the world of military or government organizations. It should also be applied to protecting intellectual property, trade secrets or sensitive data in the commercial sector. Security Intelligence can easily become a part of every organization that already has a functional cyber security entity. Chances are good that it may already be happening in some form right now inside of your company.

Here’s an example of how you may already be practicing “Security Intelligence” within your organization:

What happens every second Tuesday of each month? Does your security shop look at the Microsoft Security Bulletins being released? Do they analyze those bulletins against the known information regarding existing exploits in the wild and potential vulnerable software deployed within your network?  Maybe they take it one step further, and look for any information regarding active attacks utilizing vulnerabilities outlined in the security bulletins?  If so, your group is already taking part in Security Intelligence, a fusion of the knowledge of your internal network, with reported information out in “open source” reporting that causes your security organization to take action.

Security Intelligence as a role
When tasking your Security Operations Center (SOC) or Incident Response (IR) group with the additional role of Cyber Threat analysis, consider your organization’s willingness to share data with other similar companies or organizations.  A wealth of information lives within the analysts performing these roles, and those analysts belong to online groups, forums or mailing lists that supply a lot of great cyber indicators to your defense. Consider allowing your analysts to share findings, sanitized of course with no sensitive data, with other organizations to also assist in protecting the greater good.

At the end of the day, we are all working towards the same goal; protect ourselves from an online world of spies, thieves, and vandals looking to profit from the hard work of others. Adding “Security Intelligence” to your organization can act as a force multiplier in defending against real threats facing your networks every day.

If you would like to learn more about how CyberSquared can help you integrate sound Security Intelligence into your overall security practices through the application of Cyber Threat analysis and utilize our custom threat intelligence to enhance your ability to protect your network and critical business processes, contact us at .

  • Cory Marchand

    cmarchand
    Cory Marchand is a trusted subject matter expert on topics of Cyber Security, Advanced Persistant Threat (APT), Network and Host based Assessment and Computer Forensics. Mr. Marchand has supported several customers over his 10+ years within the field of Computer Security including State, Federal and Military Government as well as the Private sector. Mr. Marchand holds several industry related certificates including CISSP, EnCE, GSEC, GCIA, GCIH, GREM, GSNA and CEH. Read Full