• Cyber Threat
    Intelligence
    sh
    sh

    Learn how it transforms cyber security strategies
  • Cyber Threat
    Intelligence

    Learn how it transforms cyber security strategies


Cyber security starts with intelligence

11 December 2017

As cyber criminals seek to exploit weaknesses in existing systems or find ways to evade traditional defences, organisations are left to grapple with the unenviable task of protecting themselves from a seemingly endless wave of sophisticated attacks. 

 

A new world of cyber threats

 

And the stakes are high, considering how even a small chink in the cyber-armour can allow attackers to rapidly establish a beachhead from which to corral and launch further attacks. To emerge unscathed, defenders need to identify and mitigate a plethora of potential security risks spanning across endpoints, software applications, the network infrastructure, and operating platforms.

This includes the identification and remediation of any unintended weaknesses stemming from the complex interactions between them. It is no small feat for overworked Chief Security Officers (CSOs) and IT departments. The task is further complicated by the fact that proper cyber expertise takes years to acquire and hone, while hackers often only need to find and exploit a single security hole to wreak havoc.

Rather than relying solely on conventional security solutions, the complexity means that the only certain way of defending against this onslaught is to tighten the ratchet on one’s cyber security posture and adopt a cyber security strategy capable of handling both known and unknown threats. 

 

Adopting a proactive approach

 

CSOs must hence adopt a more proactive approach to identifying threats if they hope to come out ahead in the security race. While firewalls, anti-malware software and other security tools work, they often don’t tell security analysts about the source of the attack or the identity of the attackers on the network and how they got there.

Using cyber threat intelligence data obtained through real-time monitoring of network activities, CSOs can sharpen their existing cyber security strategy and plug holes with relevant threat information, analysis and solutions on how to mitigate them. CSOs can hence focus on aligning security efforts to actual needs and based on the specific nature of threats faced by their organization.

Threat data are sourced from a variety of inputs that include behavioural detection and customer-specific signature, white lists, blacklists, and other threat information – including those purchased by subscription. While it requires continuous investment and innovation, it is an ideal technology for tacking the rise of new threats arising from the rise of Internet of Things (IoT) appliances, increasingly software-defined infrastructure, and cloud applications.

 

Factors to consider when implementing cyber threat intelligence:  

 

It is easy to get overwhelmed when incorporating a cyber threat intelligence practice for the first time.

1.      Think like enemy

One strategy is to protect the likeliest targets would be to put oneself in the shoes of the cyber attackers to predict and identify potential attack vectors and systems from their perspective.

2.      Quality matters, not quantity

The other consideration when it comes to implementing cyber threat intelligence, is to favour quality over quantity. Accessing too many feeds could prove counter-intuitive, and result in security teams being overwhelmed and missing important alerts. Be sure to seek out relevant data pertaining to your business and threat model, and consider accessing data sources with larger networks such as those offered by telecommunication providers.

 

Using telco-centric cyber threat intelligence

 

Developed by StarHub as a unique and wide-ranging telco-centric approach to cyber security, CTI has data coverage that span across subsea cables, domestic fibre and mobile networks, enterprise IT systems, home networks and critical infrastructure. By anonymously ingesting local network metadata such as DNS requests, source and destination of IP addresses and ports, the service can offer deep Singapore-centric insights into the local threat landscape.

Under the hood, ingested metadata is analysed against known threats and run through proprietary threat hunting algorithms to identify anomalies and unknown threats in the data.

StarHub’s wide span of customer base cross various sectors including the 11 CIIs means that CTI not only provides early warning of imminent threats within Singapore, but is also able to compare attack distribution between sectors and predict security threats right down to sectorial levels. Ultimately, the granular insights help organisations prioritise resources effectively when countering or mitigating ‘real and imminent’ threats – offering both holistic threat awareness and allowing for a more predictive approach to security.

 

Winning the security game

 

With their hands perpetually full due to operational tasks, IT professionals are often at the losing end of the cat and mouse game between cyber criminals and security experts. Access to an industry-specific threat feed with a centralized dashboard can hence give the IT department an informed, real-time view of the threat situation in Singapore to put them ahead.

With telecommunications being one of the most critical sectors in the national strategy to tackle cyber threats, StarHub is well positioned to offer a cyber threat intelligence service to help businesses detect and remediate malicious threats early and effectively. 

What is KRACK?

Learn more about the latest Wi-Fi cyber attack.

Read more
Cyberthreat Monitoring Solutions: Effective Cybersecurity

Learn how StarHub’s cyberthreat monitoring solution can help enterprises.

Read more
Cyber Security for the Internet of Everything

Securing your Enterprise in the Digital Age.

Read more