Combat Advanced Threats with a Multi-disciplinary Threat Intelligence ProgramALISON ADKINS
Ransomware attacks on Colonial Pipeline, JBS Foods and Kronos are just a few recent examples in the rise of cyber-physical attacks that disrupt lives of individuals and have the potential to cause physical harm. This concerning trend is capturing the attention of organizations worldwide, with Gartner predicting that 75% of CEOs will be personally liable for cyber-physical security incidents by 2024.
To protect themselves from multi-dimensional incidents, organizations need to not only understand the connections between different threat actors, campaigns, and attack methodologies, but also the interdependencies between different threat domains. In response to these drivers, many security teams are revisiting how they approach building threat intelligence programs. That’s why Silobreaker and ThreatQuotient teamed up to deliver a webinar on “Building a Multidisciplinary Threat Intelligence Program.”, where we outline the foundations for building such a program. Here’s a brief overview of the key takeaways:
Unlock unstructured data
Estimates suggest that 80%-90% of threat data is unstructured, with nearly all of it residing beyond an organization’s own perimeter. Leveraging unstructured data helps you place threats and incidents in the context of the world at large and, therefore, is extremely valuable in identifying connections between different types of threat. Unstructured data is an essential element for building a strong, holistic threat intelligence program. However, it is also labor-intensive to work with because it is typically unorganized, text heavy, and hard to search for, process and understand.
In this webinar, you’ll learn how Silobreaker helps security teams arrive at the intersection of cyber and physical threat intelligence. As a SaaS platform for storing, analyzing and disseminating intelligence from unstructured data sources, Silobreaker allows you to enrich technical feeds and indicators with context so you can see the big picture and understand which threats to prioritize, and why. By indexing millions of documents from the web in near real-time, Silobreaker lets you discover, evaluate, and create intelligence from the kind of dense, text-heavy content that would normally take a team of people many hours to read. Even sources that are traditionally difficult to investigate efficiently, such as forum posts and pastes, can be quickly parsed and visualized using Silobreaker’s flexible suite of analytical tools.
By analyzing unstructured data efficiently at scale, organizations are able to evolve their threat intelligence programs from a focus on tactical indicators to include enrichment, asset monitoring, reputational and supply chain risk and, ultimately, to the strategic interpretation of physical risk, geopolitics and world events. In each aspect of the intelligence cycle, Silobreaker supports security teams with highly customizable queries, dashboards, collaboration features and dissemination options, including alerts and report building.
Break down silos
Just as threats can’t be looked at in isolation, teams can’t work in silos. Risk can only be mitigated if you can see and link the strong interdependencies between cyber and physical threats, with teams working together to disrupt threat actors and build resilience.
The ThreatQ Platform supports multi-disciplinary threat intelligence programs by enabling teams to collaborate and address the implications of cyber threats on the physical security of their organization and people. The integration between Silobreaker and ThreatQuotient makes it easy to query Silobreaker’s vast dataset on-demand and pull relevant content into the ThreatQ Platform. From there, you can align that external data with internal threat and event data you have actually seen within your environment. The ThreatQ Platform’s flexible data model allows you to add physical security information including assets, office locations and personnel, so you can identify and leverage any overlap or relationships between cyber and physical threats and focus on what is high priority for your organization.
With ThreatQ Investigations, different teams can leverage their expertise to build out investigations. For example, experts in victimology can incorporate physical components (those being targeted, locations, physical assets, etc.) and work closely with identity management teams to mitigate risk. In a shared environment that embeds visualization and documentation, teams can map out cyber-physical attacks in a holistic way and coordinate response.
If your organization is concerned about cyber-physical threats, I encourage you to watch the webinar now for a deeper understanding of how Silobreaker and the ThreatQ Platform work together. Then, contact us for more information about how we can help you evolve to a multidisciplinary threat intelligence program.