When Attacks Surge, Turn to Data to Strengthen Detection and Response

News of cyber criminals and nation-state actors capitalizing on events, planned or unplanned, for financial gain or to wreak havoc have dominated the headlines over the past few years. From COVID to elections to devastating weather events, and now the tragic conflict in Ukraine. We’ve seen threat actors launch ransomware, supply chain attacks and other sophisticated tactics to compromise organizations and the services they deliver. But the human spirit is strong. We are wired to persevere, so time and again we rise to difficult situations.

When it comes to cyber threats, the security industry has two important mechanisms in place to help organizations understand the motivations of attackers and their tactics, techniques, and procedures (TTPs) so they can strengthen detection and response: intelligence sources and information sharing. Let’s look at how to get the most value from each.

Intelligence sources – When attacks happen, there’s an immediate uptick in threat information often available for free and open to the public from disparate sources, including commercial threat intelligence providers, governments, your existing security vendors, open-source feeds and frameworks like MITRE ATT&CK. With the current situation in Ukraine, which brings an added dimension of cyberwarfare, the U.S. federal government has issued an unprecedented series of alerts and plans with technical details and mitigation recommendations. Valuable information and preventative measures are also available from hundreds of news outlets, research blogs, commercial reports and GitHub repositories. Between the variety of sources and formats of intelligence, how do you make it all usable within your infrastructure?