Business & Technology

The Need for Threat Intelligence

By Neil Matz | July 24, 2017

These are challenging times for security leaders. Business pressures require faster processing of more data, and support for more devices than ever before. Critical data that used to be housed in a secured datacenter now moves across an increasingly complex ecosystem of networked environments, including IoT, cloud, mobile devices and workers, and virtualized networks. The rate of change in some environments is so rapid that many organizations simply can’t keep up.

A recent Forrester survey of 342 security leaders found that the largest cybersecurity challenge for CISOs is adapting to “the rapidly evolving nature of cyber threats.” This is followed by the need to secure cloud workloads and services, and having to manage and secure their increasingly complex IT environment.

With these concerns, it’s no wonder that the top priority for CISOs is improving operational efficiency. But where do you start? Do you load more security products onto an already overburdened IT staff? Because the survey shows that organizations that have never reported a security breach have adopted ten to twenty-five percent more security tools than those who have been recently compromised.

But that strategy is difficult to maintain. Especially when organizations are also dealing with a growing shortage of skilled cybersecurity professionals. Isolated security products need a lot of attention, and a lack of integration with other devices and management tools means that your team will need spend a lot of time orchestrating policies and hand correlating threat data.

The answer is threat intelligence. In fact, in that same survey, 78% of those organizations that have never experienced a breach plan to adopt a threat intelligence platform that provides insight into attacker methods and indicators of compromise. The fact is, CISOs who properly combine a technology-driven security strategy with effective threat intelligence are better prepared to successfully defend their organizations.

To meet the demand for better and more accurate insight into the state of the network, Fortinet has launched the beta version of our new FortiGuard Threat Intelligence Service (TIS), with our global research and real-time threat intelligence information available through our new security portal. Feel free to register and get a sense for the type of intelligence we’re making available (you don’t need to be an existing Fortinet customer).

FortiGuard TIS leverages years of threat research gathered from the largest population of sensors in the industry. Our mature threat intelligence network also samples an average of 50 billion threats every day, which is one of the largest undertakings of its kind in the industry. And our FortiGuard Labs team has detected more zero day attacks than any other organization. Taken together, more data, combined with a deep bench of more than 200 security researchers, translates to the most accurate and conclusive guidance available.

On the FortiGuard TIS landing page, global threat landscape activity is prioritized (Figure 1) so that CISOs can instantly understand which type of cyber threat is on the rise. This easy to understand data can be communicated to the wider organization and also enables security leaders to more effectively task their security operations teams.   

Figure 1. FortiGuard TIS landing page

Kill Chain reporting (Figure 2) provides additional details on the unique threat trends currently impacting the globe, as well as specific industries. Security leaders can see the most active applications, intrusion prevention signatures, malware and botnets on an industry-by-industry basis and easily compare these trends within their industry, by company size, by geographic location, and with the overall landscape.

Figure 2. IPS Kill Chain data

CISOs can drill down further into specific threat details to identify activity trends, prevalence, and threat ranking. Integration with the FortiGuard Encyclopedia also provides enhanced threat descriptions.

Individual application vulnerabilities and malware may also feature FortiGuard Labs threat researcher notes that provide timely insights into campaign-specific or emerging threats. Expanded commentary is often featured in periodic Fortinet blogs, quarterly FortiGuard Threat Landscape Reports, and weekly FortiGuard Threat Intelligence Briefs.

In addition to threat intelligence, FortiGuard TIS has also been designed from the ground up to answer the strategic questions CISOs ask the most, such as:

  • “Are our tactical SecOps initiatives having an impact?”

FortiGuard TIS provides accurate threat intelligence to help organizations evaluate overall trending and diminish threats over time.

  • “How does our security posture compare with similar organizations?”

TIS global threat intelligence, broken down by company size and segment, allows you to examine kill chain similarities and focus on those countermeasures most appropriate for your market.

  • “How can I explain the potential impacts of threats to other executives?”

Having an encyclopedia of real-world threat intelligence at your fingertips means you can locate and share individual threat statistics, analyze and track trends, and access security research and articles with a few clicks of your mouse.

  • “What tasks or threat defenses should I prioritize in the near term?”

By recognizing the threats affecting similar organizations across the globe, and leveraging guidance from threat research professionals, you will be better able to protect your organization from emerging threats.

  • “How can I achieve cyber situational awareness and keep breaches at bay?”

Seeing the big picture allows you to augment traditionally tactical decisions about selecting and deploying with strategic insights about not just what is happening now, but which direction threats are trending.

In the battle against today’s cyberthreats, quick access to dependable and accurate threat intelligence is essential. It allows CISOs to effectively communicate cybersecurity risks to the C-Suite and board, while also enabling more efficient management of Security Operations. This allows organizations of any size and industry to maximize resources in order to proactively defend against trending threats. To help you get started, just go to our TIS sign up page and register.