Guest Column | November 7, 2016

The Myth Of Threat Intelligence In The Channel, And An Intelligent Hybrid Security Approach


By Stephen Gates, Chief Research Intelligence Analyst at NSFOCUS

Over the last year, Threat Intelligence (TI) has become a hot topic for the cybersecurity industry. Organizations of all sizes are looking to the channel to provide recommendations on what to purchase, how to implement, and how to gain the greatest value from TI. It is therefore critical the channel clearly understands what TI is, and how organizations can capitalize on its value.

Why Does The Industry Need Threat Intelligence?

Today, there are billions of computing devices (computers, smartphones, IoT, etc.) connected to the Internet. Once IPv6 is fully adopted, more devices will be on the Internet than ever before. It’s not a stretch to believe there will be more than a trillion devices connected before the end of this decade. Currently, there are nearly 300 million domain names registered worldwide across all top-level domains, with billions of unique URLs. Finally, there are tens of millions of unique pieces of malware infecting and controlling devices all over the Internet. Do most organizations know anything about the devices, websites, malware, and threat actors operating on the Internet? Most likely, the answer is no, unless they have TI. Without it, you and your organization are simply flying blind to the dangers that exist on the Internet.

What Is Threat Intelligence?

By nature, Threat Intelligence (TI) is about gaining additional understanding of the Internet’s dangers that we hear about daily. TI delivers insight into which IP addresses have been known to carry out cyberattacks. TI can also offer more specifics about the dangerous websites you or your employees may get tricked into visiting. TI provides knowledge of command and control infrastructures where hackers maintain remote access into your systems — using them to attack others and steal data. Finally, TI provides lists of up-to-the-minute malware signatures and file hashes of known malicious content you simply don’t want coming into your organization. TI is danger awareness — or better yet, awareness about what and who is acting hostile on the Internet, and what likely is not. TI is not a myth, it’s a must.

Organizations of all sizes can easily take advantage of TI. Commercial TI is readily available today from a host of different vendors, but many organizations are looking to the channel to make the right recommendations and help with the implementations. Consulting services to develop TI strategies are badly needed. Many organizations are not sure how to get started, making the opportunity even greater for channel expertise. However, is TI enough to protect your customers from cyberattacks? Sorry, but the answer is still no. TI on its own is nothing more than lots of insignificant data unless it’s put into action.

The Hybrid Strategy — Supplementing Your Threat Intelligence

An organization can capitalize on TI to gain additional awareness of hacker tactics, techniques, and procedures (TTPs). However, TI is most valuable when it’s physically used to block unwanted traffic to and from the Internet. But how does an organization make TI actionable? Simple: Intelligent Hybrid Security.

As organizations begin to migrate to a hybrid security strategy, they want to implement TI in their cloud and on-premise defenses. However, organizations are often not sure who offers these services and what security technologies are available that can consume real-time TI and put it into action. Industry experts agree TI must be made more actionable. This is a huge opportunity for the channel to sell replacement technologies that can consume real-time TI. In fact, I believe technologies that cannot consume TI will eventually find their way to the scrap heap.

As enterprises and SMBs work with their channel partners to purchase the latest cybersecurity technologies, channel partners that offer security solutions that can also consume real-time, actionable TI will stand out from the crowd. TI is gaining a significant following from business consumers who are looking for ways to put it into action. Channel providers should seek out, and put special emphasis on, solution vendors that also understand the significance of putting intelligence into action.

Stephen Gates is Chief Research Intelligence Analyst at NSFOCUS and has been instrumental in solving the DDoS problem for service providers, hosting providers, and enterprises in North America and abroad. Steve has more than 25 years of computer networking and security experience with an extensive background in the deployment and implementation of next-generation security solutions. In his last role, Steve served as the Chief Security Evangelist for Corero Network Security. Steve is a recognized Subject Matter Expert on DDoS attack tools and methodologies, including next-generation defense approaches. You can usually find Steve providing insight, editorial, industry thought leadership, and presentations covering the latest security topics at RSA, SecureWorld, SANS, Black Hat, IANS, ISSA, InfraGard, ISACA and more.