The 3 Types of Cyber Threat Intelligence – Which one are you using?

By Alex Duffy

CYBERTHREAT INTELLIGENCE (CTI) is not a buzz-phrase; it’s an essential pillar of a mature cybersecurity strategy. When used and applied correctly, CTI can help security teams prepare for, and defend against, the evolving threat landscape. CTI gives organisations evidence-based, mature and effective cybersecurity strategies. 

There are levels of maturity to using and understanding CTI. With each level of maturity, the context and analysis of threat intelligence become deeper and more sophisticated, cater to different audiences, and require more investment.

CTI comes in three levels: tactical intelligence, operational intelligence and strategic intelligence. 

Tactical intelligence is the level most commonly used by organisations and represents the first level of maturity of cyber threat intelligence. It is based on real-time events, investigations and/or activities and provides day-to-day support to operations. Many organisations use it in their security information and event management (SIEM) tools or on perimeter firewalls. It consists of indicators of compromise such as file hashes, malicious IPs and domains. These usually have a short life span, as IPs and domains can be repurposed or taken down in days or even hours.
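Because tactical indicators age so quickly, matching them against logs should take their age into account. The following is an added Python example, not part of the original article: the feed, the log lines and the `MAX_AGE` lifetimes are constructed assumptions for illustration.

```python
from datetime import datetime, timedelta

# Assumption: per-type lifetimes chosen for illustration; tune them to your feeds.
MAX_AGE = {"ip": timedelta(days=2), "domain": timedelta(days=7)}

# Constructed indicator feed: (type, value, last_seen)
FEED = [
    ("ip", "203.0.113.10", "2024-05-01T08:00:00+00:00"),
    ("ip", "198.51.100.7", "2024-04-20T08:00:00+00:00"),  # stale by May
    ("domain", "bad.example.net", "2024-04-28T12:00:00+00:00"),
]

# Constructed proxy/firewall log lines: timestamp followed by key=value fields
LOGS = [
    "2024-05-02T09:15:00+00:00 dst=203.0.113.10 host=-",
    "2024-05-02T09:16:00+00:00 dst=198.51.100.7 host=-",
    "2024-05-02T09:17:00+00:00 dst=192.0.2.44 host=bad.example.net",
    "2024-05-02T09:18:00+00:00 dst=192.0.2.80 host=intranet.example.org",
]

def load_feed(feed):
    """Index indicators as {(type, value): last_seen datetime}."""
    return {(t, v.lower()): datetime.fromisoformat(seen) for t, v, seen in feed}

def match_line(line, index):
    """Return (type, value) hits whose indicator was still fresh at event time."""
    stamp, *pairs = line.split()
    when = datetime.fromisoformat(stamp)
    fields = dict(p.split("=", 1) for p in pairs)
    candidates = [("ip", fields.get("dst", "")),
                  ("domain", fields.get("host", "").lower())]
    hits = []
    for key in candidates:
        seen = index.get(key)
        # An IP or domain last seen long before the event may have been
        # repurposed or taken down, so an aged-out indicator is not a hit.
        if seen is not None and when - seen <= MAX_AGE[key[0]]:
            hits.append(key)
    return hits

def scan(logs=LOGS, feed=FEED):
    """Map each log line with at least one fresh hit to its hits."""
    index = load_feed(feed)
    return {line: hits for line in logs if (hits := match_line(line, index))}

if __name__ == "__main__":
    for line, hits in scan().items():
        print(hits, "<-", line)
```

The second log line touches an IP that is in the feed but was last seen twelve days before the event, so it does not alert.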

Operational intelligence is data that is designed to drive your day-to-day decision making, resource allocation and task prioritisation. It contains the technical direction of threat actors and indicators of targets, and can contain the threat’s malicious tactics, techniques and procedures (TTPs). Operational intelligence has a longer shelf life because adversaries can’t change their TTPs as easily as they can change their tools, such as the types of malware they use.

Cybersecurity professionals who handle vulnerability management, incident response and threat monitoring are the biggest consumers of operational intelligence, as it can help them focus and prioritise their work.

Strategic intelligence is high-level cyber intelligence, usually containing information about foreign policy, global events and internet-based risks against organisations. This intelligence is vital for C-suite executives to allocate budget and align their cyber goals towards real-world objectives. For example, a mining company can review the analysis that the mining sector is under increasing attacks, and can then react appropriately by investing resources into strategic cyber defences. 

Strategic intelligence tends to be the hardest form of intelligence to collect. It requires human collection and analysis to understand both cyber security and the world’s geopolitical situation. Strategic intelligence is usually consumed through reports.

CTI increases your organisation’s ability to not only defend itself against current attacks and threats, but also to predict future attacks. The trick is to choose the right intelligence for your needs, and to make the sheer volume of intelligence actionable, whether it be reactive, proactive or futureproofing. 

 


_________________________

This is an extended post from our original article, which was first published in AISA.org’s Cyber Conference Magazine.

 

Third time win for emt Distribution at Thycotic International Partner Conference

Adelaide, Australia – 1 November 2019: emt Distribution received multiple awards for the third time running at Thycotic’s Partner Conference, Unlocked, held in Monaco 15th – 17th October. Adelaide-based emt Distribution was awarded International Distributor of the Year, 2019 with 91 of Thycotic’s distributors and partners attending from multiple regions including Europe, Middle East, Africa and Asia Pacific. This is emt Distribution’s second win as International Distributor of the Year since bringing Thycotic on board as an ANZ vendor partner in July 2016.

This award is noteworthy as it is a recognition of the outstanding efforts and results emt has driven in ANZ over the last 12 months. It rides on the back of its 2017 win of the same award in Alicante, Spain and also of the International Pre-sales and International Pro Services Champion awards in 2018 at Unlocked in Nice, France. emt was also awarded International Pre-sales Champion for 2019.

“We are absolutely delighted with our awards and truly appreciate the recognition of the success we have had with Thycotic in the region,” Scott Hagenus, CMO of emt Distribution said.  “We have consistently demonstrated that with the right mix of resources, focus, strategy and determination, significant growth is achievable.”

Hagenus further stated that, “Thycotic’s underpinning technology and ability to address real world security challenges in privileged access management is exceptional. Coupled with our outstanding channel, there is a lot more to achieve in the region.”

There was further recognition of ANZ at Unlocked, as emt and Thycotic partner A23 also received recognition for International Deal of the Year! Canberra-based A23 is a consulting and professional services IT firm that was the first in the region to be invited and accredited as Thycotic Professional Services certified. This award recognises A23’s ability to meet customers’ needs with the right solutions and also implement them at the highest level, which gives them significant competitive advantage.

“This is an exciting time for Thycotic in ANZ as it continues to grow and we expand and create more opportunities within the channel. We continue to look forward to creating strong partnerships in the region and consistently deliver great value,” said Andrew McAllister, Regional Director for Thycotic ANZ.

 

10 Cybersecurity Tactics Everyone should Implement Now!

By Alex Duffy

In life there is a set of rules that applies to certain scenarios. When you are driving and want to change lanes, you check your mirror, indicate, check your mirror again, safely switch lanes, and finish up by turning off the indicator. These rules are in place so that everyone has a safe driving experience. The same practice can be applied to your online security, which is critical considering almost everything is completed online these days. In some cases an 8-16 character password is all that’s protecting your finances – that should be reason enough to want to protect yourself.

So, how do you make sure to keep yourself safe? Follow these 10 steps:

ONE – Look for browser warnings and the green lock before entering credentials.

Whenever you access a website, your browser runs background checks to make sure that the site you are visiting is indeed who it claims to be. When a website fails these checks, your browser will warn you. These warnings are there for a reason! So make sure to listen to those warnings and respect them.

TWO – Maintain unique passwords for every account and website.

Too often people will use the same email and password for their bank as they do for any odd website out there that has asked them to create an account. The issue with this is that once that website becomes compromised and your account details are stolen, threat actors will often use those same credentials against a variety of services like PayPal, large banks and more, and will end up being successful in stealing your information.

THREE – Use randomly generated passwords or passphrases as your password.

Regarding passwords, you are looking for length and complexity. Complexity does not mean take your name and replace an ‘A’ with an ‘@’. Complexity means that you couldn’t break a password just by changing characters. Remembering truly random passwords is tough, so passphrases are the next best thing. Simply take a saying or a line from your favourite song, poem or book, and use that as your password, spaces and all. You could also take the first letter of each word to create a new passphrase. Generally speaking, if you add a number or two that should satisfy password complexity standards.

FOUR – Do not click links that arrive in unsolicited email.

Phishing is a scamming method that uses fear and urgency to get you to act irrationally. If you are not expecting to be contacted by the sender, and a link urges you to ‘click here’, and they are threatening that something bad will happen, like your email account getting shut down or blocked, it is generally fake. If you are still unsure, you can hover over the link to gain more information. If Microsoft claims they sent you the email, the link should be Microsoft’s. In the end, if you are ever in doubt, then contact the company directly and see if they sent you the email.

An example:

Microsoftpasswordreset.suvlaki.co – FAKE

login.microsoftonline.com – GOOD

FIVE – Where possible enable multi-factor authentication

Multi-factor authentication is a second way of verifying your identity. This can be achieved using methods such as a text, phone call, or a generated token. This should be enabled because, in the event of your password being stolen, the threat actors are still unable to access your account. When multi-factor is set up, you should always be aware that if you receive an authentication code without trying to log in, then it could mean that someone has your password and is trying to log in.

SIX – Change passwords regularly

Your job is to make stolen passwords redundant. You can do this by changing your passwords often, which heavily reduces the impact of a stolen password.

SEVEN – Try not to write down your passwords; if you do, do not store them in plain sight.

You should not have your passwords written down, as it makes it easy for someone to gain access to your devices. But if you really insist on it (which, again, please don’t), then PLEASE hide them – and no, NOT UNDER THE KEYBOARD!

EIGHT – Use a password manager to help you remember your unique passwords.


A strong password is one that is long and can’t be remembered. No one is asking you to remember them all; instead, securely store them in a password vault. Password vaults are invaluable at keeping your everyday passwords safe. Then ensure that access to your vault is protected by a strong passphrase and multi-factor authentication (steps THREE and FIVE).

NINE – Keep ALL software up to date.

Updating your operating system or antivirus is only half the battle in protecting your device. Any out-of-date applications, such as Adobe, Zoom etc, can allow a threat actor to gain full access to your system and everything within.

TEN – With emails, ensure that the sender and the sender’s email address are correct.

It is incredibly easy to change your display name for an email address to appear as someone else. Your job is to make sure the person emailing you is actually the person they claim to be. You can work this out by comparing their display name to the actual email address.

An example:

John Harry <[email protected]> – BAD

John Harry <[email protected]> – GOOD
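Steps FOUR and TEN both reduce to the same comparison: ignore the friendly text and check the real domain. The following is an added Python example, not part of the original article; `TRUSTED_DOMAINS` and the `example.com` sender addresses are assumptions constructed for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: domains the claimed sender really uses; maintain this list yourself.
TRUSTED_DOMAINS = {"microsoft.com", "microsoftonline.com"}

def host_is_trusted(host, trusted=TRUSTED_DOMAINS):
    """True only if host equals a trusted domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    # Requiring the leading dot stops "notmicrosoft.com" matching "microsoft.com".
    return any(host == d or host.endswith("." + d) for d in trusted)

def link_is_trusted(url, trusted=TRUSTED_DOMAINS):
    """Step FOUR: judge a link by its hostname, not by the words in it."""
    # A bare hostname would be parsed as a path, so give it a scheme first.
    if "://" not in url:
        url = "https://" + url
    host = urlsplit(url).hostname or ""
    return host_is_trusted(host, trusted)

def sender_is_trusted(from_header, trusted=TRUSTED_DOMAINS):
    """Step TEN: ignore the display name and judge the real address's domain."""
    _display, addr = parseaddr(from_header)
    if "@" not in addr:
        return False
    return host_is_trusted(addr.rsplit("@", 1)[1], trusted)

if __name__ == "__main__":
    # Hostnames from step FOUR of the article.
    for link in ("Microsoftpasswordreset.suvlaki.co", "login.microsoftonline.com"):
        print(link, "->", "GOOD" if link_is_trusted(link) else "FAKE")
    # Constructed From headers with the same display name, as in step TEN.
    org = {"example.com"}
    for header in ("John Harry <john.harry@example.net>",
                   "John Harry <john.harry@example.com>"):
        print(header, "->", "GOOD" if sender_is_trusted(header, org) else "BAD")
```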

 

About the author
Alexander Duffy is Security Solutions Architect for emt Distribution, working in the Threat Intelligence space on a full range of emt’s cybersecurity portfolio like ThreatConnect, Flashpoint, etc. For more security updates follow him on LinkedIn.