This content is part of the Security School: How threat intelligence feeds aid organizations' security posture

How global threat intelligence fits into a security strategy

Global threat intelligence services can be part of your security arsenal, but to prevent phishing and other threats, basic defenses like strong passwords are vital too.

Global threat intelligence services can be a powerful business security tool. But they're not the first tool you should consider when setting strategy for better business security.

In my seven years working as a penetration tester and security consultant, I have seen thousands of different system configurations and myriad different security concerns, from some of the largest companies in the world, right down to tiny SMEs. One major problem companies around the globe have in common is that they focus their efforts in the wrong areas, not realizing the threats they face come from very simple security problems. This is a global problem: All but the most security-focused of organizations are guilty of ignoring the simple issues. I've lost count of the number of times large companies have asked me to review the security of hardened systems they've developed for a specific project, when all their staff are still using Windows XP and Internet Explorer 6.

Where global dangers lurk

If I were asked to list the main security concern that all companies should have, it would be phishing attacks. I've run many phishing simulations, mostly to trick users into divulging their Windows username and password, and have never had less than 50% of the recipients give up their credentials. Phishing is the No. 1 global threat. It's easy to focus on the next big advanced persistent threat, RAT or zero day, and forget that nearly all breaches that use these tools start with a phishing attack. By focusing on staff awareness, these attacks can be stopped before they even enter the network.

The human firewall really is the most important security asset a company can have. Investing huge sums of money in security systems such as SIEM, next-generation firewalls and endpoint protection can help greatly, but none are as effective as staff training. Take the recent U.S. Office of Personnel Management hack: A $4.5 billion security system failed to protect against the attack. Nearly all the breaches in the last few years started with phishing attacks.

Passwords are basic, but key

It's time to focus on the basics, on passwords. How many people truly understand how to choose a secure password, and how many website owners know how to safely store them? There are new authentication mechanisms in development, but for now, we're stuck with username and password. In my experience, 99% of people think that "A%af5!£" is a stronger password than "I love my new chair". They're very much mistaken. It's not their fault; they've just never been shown how a hacker breaks passwords.

Password strength is far more closely linked to length than to complexity, and beyond a certain level, passwords become uncrackable, as long as the way they are stored (e.g., salted and hashed) is secure. Weak and default passwords are often where a breach starts. This fact was highlighted beautifully by the weak VPN passwords that hackers guessed in the AshleyMadison hack.
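To put rough numbers on the length-versus-complexity point and on salted, hashed storage, here is an added example (not code from the original article) that estimates the search space of the two passwords above and stores one with a salted PBKDF2 hash. The character-class model, the 32-symbol allowance for non-ASCII characters, the 10,000-word list size and the iteration count are all assumptions chosen for illustration.

```python
import hashlib, hmac, math, os, string

# Character classes for the estimate (assumption: a guesser must cover every
# string over the classes the password draws from).
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits,
           string.punctuation + " "]
ASCII = "".join(CLASSES)
NON_ASCII_ALLOWANCE = 32    # assumed extra symbols for characters such as "£"
ITERATIONS = 600_000        # assumed PBKDF2 work factor; tune to your hardware

def charset_size(password):
    """Size of the alphabet implied by the character classes in the password."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    if any(ch not in ASCII for ch in password):
        size += NON_ASCII_ALLOWANCE
    return size

def brute_force_bits(password):
    """log2 of the number of same-length candidates over that alphabet."""
    return len(password) * math.log2(charset_size(password))

def wordlist_bits(passphrase, wordlist_size=10_000):
    """Pessimistic passphrase model: whole words guessed from a list of
    wordlist_size entries (assumed size), ignoring grammar."""
    return len(passphrase.split()) * math.log2(wordlist_size)

def hash_password(password, salt=None):
    """Return (salt, digest) for storage; a fresh random salt per password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, ITERATIONS)
    return salt, digest

def verify_password(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

if __name__ == "__main__":
    short, phrase = "A%af5!£", "I love my new chair"
    for pw in (short, phrase):
        print(f"{pw!r}: {len(pw)} chars, alphabet {charset_size(pw)}, "
              f"~{brute_force_bits(pw):.0f} bits by brute force")
    print(f"{phrase!r} as dictionary words: ~{wordlist_bits(phrase):.0f} bits")
    salt, digest = hash_password(phrase)
    print("verify correct:", verify_password(phrase, salt, digest))
    print("verify wrong:  ", verify_password(short, salt, digest))
```

Under these assumptions the 7-character password comes out below the 19-character phrase both in the character-level estimate and in the word-list model. A phrase of common words in grammatical order is weaker than either figure suggests, so treat the numbers as upper bounds.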

Where global threat intelligence fits

Beyond passwords, how can you best increase your enterprise's level of security? First, analyze the threats your organization faces, and work out how sophisticated your attackers' methods may be. Global threat intelligence services can be useful here, but only if the security maturity of your organization is at a high level. Subscribing to threat intelligence services without the security infrastructure or staff understanding of what the data means is pointless, as you'll be paying for data you have no idea how to interpret or put to use.

If you do decide to invest in global threat intelligence, you need highly trained staff from a technical background who understand the real-world impact of these threats. A major problem with security teams in large organizations, in my experience, is that they lack the understanding of the actual methods hackers use to break into systems, and get bogged down in internal company policies and politics. This understanding is very important to successfully interpreting threat intelligence. However, with skilled staff in place, a threat intelligence security system can be a powerful tool for preparing for the most likely current threats.

But never forget about the basics. Keep your systems patched, your passwords long and your staff highly trained, and you will thwart most attacks before they've penetrated your network.

This was last published in September 2015