As most readers would be aware, in the majority of cases, organisations have little or no control over threats. However, awareness of the existing and emerging threats to a business forearms an organisation, giving it the information to avoid threats entirely and/or the opportunity to proactively develop defence and detection mechanisms (where avoidance or risk acceptance of the threats is not possible).
The ability to gather advanced threat intelligence requires the use of human-sourced and technically sourced intelligence, gathered across multiple geographic regions, and sometimes through either covert activity or engagement with potentially malicious or secretive groups.
For the vast majority of organisations, in-house threat intelligence capabilities are limited or not available at all (owing to resourcing, budgets and overall operational team capabilities). However, a lack of internal capability naturally doesn’t reduce an organisation’s overall risk from current or emerging threats. In these cases, businesses can leverage threat intelligence supplied by third-party providers and vendors.
Threat intelligence is available from a number of sources outside of the intelligence generated within an organisation. Although this is not an exhaustive list, threat intelligence can be supplied by a number of parties, including commercial providers, government bodies, open source threat intelligence and user-led intelligence sharing platforms.
Threat Intelligence is available from a number of Government bodies, such as Australian Cyber Emergency Response Team (AusCERT), U.S. Computer Emergency Readiness Team (US-CERT) and the SANS Internet Storm Center.
Open source options, such as the Open Threat Exchange and IBM’s X-Force platform, provide publicly available feeds. These are often sponsored by a vendor but made publicly available.
A number of end-user (industry) led threat intelligence sharing platforms have arisen in recent years. One such example is the Financial Services Information Sharing and Analysis Center (FS-ISAC). These ISAC options can provide similar outcomes to commercial threat intelligence options at a cheaper or comparable price point. Such options fall into three generic categories:
At present, most organisations use threat intelligence by integrating it into detection-oriented security solutions, such as SIEM. The addition provides more contextual information for individual events and addresses ever-increasing alert fatigue.
Advanced intelligence programs deliver shared intelligence to firewalls, intrusion detection and prevention systems (IDPS), or endpoint detection and response (EDR) solutions to enhance network detection or blocking of potential indicators of compromise.
When looking to consume a Threat Intelligence platform, be sure that your organisation is capable of acting upon the volume of intelligence supplied.
Threat intelligence can support an organisation in a number of facets across cybersecurity and risk, and can support decision-making functions across various roles, including security teams (SOC, Vulnerability Management personnel and the CISO), technology and infrastructure leaders, as well as the Board.
Such intelligence can be utilised within a business to provide proactive mitigation in the form of information on threat actors, and to provide visibility of digital risk through the monitoring of open and dark web information.
Secure-ISS assist and lead organisations to fully leverage and operationalise threat intelligence across their businesses.
For those looking at starting their journey with Threat Intelligence, Secure-ISS can assist your organisation in the assessment, implementation and integration of a Threat Intelligence Platform (TIP).
For organisations that already have Threat Intelligence, Secure-ISS can assist in building out the maturity of your Threat Intelligence Practice.
If your internal capability is not resourced to make the most of a Threat Intelligence Platform or feed, Secure-ISS offer a number of Managed Security Services (which include various Threat Intelligence feeds and suppliers) to reduce your organisation’s threat surface and overall business risks.