Benefits of Cyber Threat Intelligence and Who Offers It
Imagine trying to find your way to somewhere you’ve never been, but your maps app is missing the roads and highways. You would probably start taking wrong turns. And the odds of arriving where you need to be — when you need to be there — would be greatly diminished.
This is how it can be if you are a CISO or part of a security team attempting to map out an effective security defense strategy without cyber threat intelligence (CTI). You want to drive the organization in the best direction, by focusing on the most relevant threats for your industry, but you aren’t exactly sure how to get to that point.
This is one of the reasons I am passionate about leading BlackBerry’s threat intelligence services program. Our team puts directions back on the map.
What Is the Value of Threat Intelligence?
Threat intelligence is about context. Which attacks — and which attackers — are most likely to impact your organization, your industry, and your region?
Threat actors go to work in the same way we do. Does our organization fall within the “scope of work” of any of these malicious actors? What are their work goals and motivations? Based on this, how can we best anticipate and defend against their attack? Threat intelligence answers these questions and more, so you can make well-informed decisions and take prompt effective actions, using actionable, factual data. And it positively impacts your security operations, architecture and engineering, your governance, and risk management.
Chris Kissel, Vice President, Security and Trust Products at IDC Research, says an increasing number of companies are waking up to the value of CTI. “Curated threat intelligence from credible experts in the space provides businesses and their front-line security personnel with timely insights, enabling them to better detect, triage, and investigate threats,” Kissel says. “Integrating this service with existing security ecosystems helps businesses stay one step ahead of cyber threats as digital attack surfaces evolve and expand."
Being “cyber resilient” means making the right decisions at the right time. This alignment of two “rights” is extremely powerful, and becomes a force multiplier for network, endpoint, and cloud defenders, as contextual intelligence becomes actionable.
Why Threat Intelligence Is Critical
Threat intelligence is becoming more critical for two main reasons:
- The speed of attacks
- The sophistication of threat actors
For example, sophisticated nation-state TTPs (tactics, techniques, and procedures) are increasingly filtering down to financially motivated ransomware operators. And initial access brokers (IABs) make it easier for any type of threat actor to buy persistent access to already-compromised organizations. Additionally, non-technical cybercriminals can now rent cyberattack infrastructure in “affiliate program” schemes where everyone involved gets a cut of the profits. This ecosystem multiplies the types of attacks — and attackers — that may be targeting your organization at any time.
Threat Intelligence delivers the details needed to improve defense, detection, and response, so organizations like yours can stay on top of cyber threat activity, and anticipate your opponents’ next moves.
How to Obtain Contextualized Cyber Threat Intelligence
To begin implementing threat intelligence into your cyber defense, look for a professional CTI service that suits your needs. It should be able to provide actionable intelligence on targeted attacks and cybercrime-motivated threat actors and campaigns targeting organizations like yours, including intelligence reports specific to particular industries, regions, and countries.
Utilizing this information reduces “unknowns,” and enhances your detection and response efforts.
BlackBerry Cyber Threat Intelligence Service
Our BlackBerry threat research and intelligence team is proud to announce the launch of the BlackBerry® CTI service, available as a quarterly subscription, designed to save your organization’s time and resources by focusing on specific areas of interest relevant to your organizational security goals. It will help you prevent, detect, and respond more effectively to cyberattacks.
The threat research and intelligence team has released numerous “first-to-market” research reports over the past year, leveraging BlackBerry data- and AI-driven digital ecosystem and analytical capabilities.
These research reports have revealed new developments in the ransomware and malware space, and targeted, state-sponsored APT (advanced persistent threat) activity, including Symbiote, DCRat, Chaos ‘Yashma’ ransomware, and LokiLocker, all of which have been well-received by BlackBerry’s customer base and the broader security community.
And our elite in-house team includes world-recognized leaders, including SANS authors and instructors, former members of law enforcement and intelligence agencies, winners of DEFCON challenges, and more. Our CTI analyst network is also distributed around the world, which means we not only understand the language of all the countries we monitor, but also their culture, economy, political structure, and current events. That is crucial, because CTI is not just about technology, but also about knowing geopolitics so we can understand attackers' motivations.
About BlackBerry Services
For more information on BlackBerry cyber threat intelligence and how our other cybersecurity services can support your organization, please visit our professional cybersecurity services page.