Interviews

Future of threat intelligence: data curation

by Mark Rowe

This year has been one of the most challenging on record for almost every industry – cybersecurity being no exception, writes Rodney Joffe, SVP and Fellow at analytics product firm Neustar and Chairman of the Neustar International Security Council (NISC).

Recently, the UK’s National Cyber Security Centre (NCSC) reported that it saw a 10pc rise in cybersecurity incidents between September 2019 and August 2020, with a significant number relating to the pandemic.

From the rise of Covid-19 related misinformation, to security issues resulting from the mass move to remote working, cybersecurity teams across the globe have spent 2020 putting out fires on a new scale. There is no doubt this has placed increasing levels of strain on a field that, even before the pandemic, was facing a widening skills gap and unrealistic workloads.

Unfortunately, the reams of unclear, inaccurate or false threat intelligence data that cybersecurity professionals are expected to decipher are making their jobs harder. On top of this, teams are also up against the problem of alert fatigue, as they struggle to separate the important information from the noise amongst this barrage of data.

Worryingly, these issues result in two major challenges for organisations. On the one hand, they lower job satisfaction and contribute to the problem of burnout within the cybersecurity community. On the other, they reduce the ability of teams to react to real threats in a timely manner. This is why more organisations are considering ways to overcome threat data obstacles, such as curation.

It’s no secret that the cybersecurity industry is understaffed. Government statistics revealed that 48pc of businesses in the UK have a basic cybersecurity skills gap, underlining the critical issue of talent attraction and retention. Unsurprisingly, working on under-resourced teams is having an impact on individuals: a recent study found that 29pc of cybersecurity professionals have experienced severe personal issues, or know someone who has, due to the stress of the job.

The low quality of threat data available to security teams does nothing to ease the burden. In fact, recent research from the Neustar International Security Council (NISC) found that fewer than one in three cybersecurity professionals are working with threat data that is extremely accurate or relevant, with only 27pc able to base their security decisions on near real-time data.

The NISC research also revealed that more than 25pc of the security alerts received by teams are false positives, resulting in alert fatigue. This issue can be attributed to the patchwork of tools involved in threat monitoring. Despite being well intentioned, these produce huge quantities of raw data that needs to be analysed – as opposed to contextualising potential threats.

Ultimately, inaccurate data and alert fatigue not only have a negative impact on team morale, but also result in organisations missing genuine cyber threats.

To mitigate the rising volume of cyber threats, it is vital that security teams have access to near real-time threat data. Crucially, this data needs to be able to power the network and application security tools used to detect and block malicious actors.

A key way to enhance the quality of security data is by deploying a data curator. Combining insights from all four types of threat intelligence – tactical, operational, strategic and technical – a data curator is influenced by a holistic view of global networks, as well as pattern-based research and behavioural analysis.

A timely, highly tailored security threat data feed provides a multitude of benefits to organisations. Firstly, instead of adding another tool to the current patchwork, machine-readable threat data can be integrated into an organisation’s existing analytics platforms, making the data received by those tools more valuable. Secondly, the curated real-time insights allow security teams to better identify and eliminate risks such as malicious domain generation algorithms, suspicious DNS tunneling attempts, sudden activity by domains with little or no history and hijacked or spoofed domains.

Thirdly, armed with this high-quality data, skilled cybersecurity professionals can focus on tasks that are more meaningful, without being distracted by inaccurate data and junk alerts. Importantly, this increases overall job satisfaction and boosts talent retention across the board.

With the pandemic exacerbating the sheer number of threats and the nature of remote workforces creating a broader range of vulnerabilities, it is more critical than ever that organisations take urgent action to provide their security teams with actionable, real-time threat data. For this reason, they should embrace the future of threat intelligence: data curation.

See also the Neustar security blog.


© 2024 Professional Security Magazine. All rights reserved.