By Pete Nicoletti, Check Point Field CISO, Americas
If leveraged appropriately, cyber threat intelligence is a critical cyber security tool used by security professionals around the globe. I do not know of any fellow CISOs that do not love quality and fresh threat intel and what it can offer: responsiveness to new threats, understanding of the threat, security optimization opportunities and more.
IPS, forensics, firewalls, email and endpoint protection tools all benefit from the amazing insights about current and potential cyber attacks. They are an essential component to keep the cyber criminals at bay and protecting an organization’s reputation, its processes and its assets.
Check Point Research (CPR) is a leading provider of threat intelligence services and an active participant in the greater international threat intelligence community. It provides threat research alerts, attack reports, podcasts, how-to guides, vulnerability repositories, URL categorization, among others.
At the core of CPR services is ThreatCloud, a real-time intelligence derived from hundreds of millions of sensors worldwide, using AI-based engines and exclusive research data. You can view the live Cyber Threat Map here to get a glimpse of the latest cyber attacks and where they are occurring.
Among CPR’s other key contributions are two comprehensive Security Reports at the beginning of the year and mid-year. These reports have become a mainstay for professionals who need a deeper dive into current threat and attack intelligence and trends.
The latest version of the 2022 Cyber Attacks Mid-Year Report was published on August 3rd, and allows you to learn more about the use of cyber attacks as a state-level weapon. The unprecedented swarm of state-sponsored attacks, the growth of hacktivism, and in some cases, the recruitment of private citizens to form cyber threat armies.
As a CISO for several decades, I have pinpointed seven ways you can get more from your cyber threat intelligence feeds:
1. Prevent attacks against unpatched assets: Face it, your teams and tools can miss patching every single one of your vulnerable assets. With a threat feed being leveraged by host and network IPS’s, the absolute newest threats can be prevented from exploiting vulnerabilities. This is a key compensating control that must be leveraged and monitored for effectiveness. Example: Log4J, no one had any idea of this vulnerability, but Check Point WAF’s blocked the attack preemptively, and then offered additional signatures within minutes to end point tools and security gateways.
2. Leverage automated tools that can protect you from new threats discovered across the world in seconds: Your threat feed is only as good as the number of sensors, the quality of the feed and the speed at which it can be leveraged to protect your assets. Check Point Research uses over 150,000 sensors to analyze billions of events per day. This means you can get hundreds of updates in seconds. Check Point updates our customers’ gateways in an average of 4 seconds from the first time a new threat is seen.
3. Stop dealing with expensive false positives: A hidden cost your staff is dealing with is the time and effort required to handle false positives. A clean threat feed will reduce expensive false positives to near zero. It will also speed up investigation and forensic playbooks significantly.
4. Prevent browsing to malicious and fake URL’s: New phishing campaigns are launched daily with recently registered look-alike domain names. Your threat intelligence will constantly feed your email protection and security gateways with domains set up by hackers to harvest credentials, install malware and launch ransomware attacks. Stop browsing and emails to malicious hacker domains with a steady threat feed stream.
5. Ensure that your protection tools are set up for STIX/TAXXI feeds. This is a well-defined formatting standard that your tools can ingest and leverage. Ensure that your tools that can leverage threat feeds are set up to get the threat feed and use it for its appropriate use case: For example: 3 day old newly registered/DGA domains that have no business being visited by your users! Prevent this threat!
6. Threat Feeds automatically increase the size of your team: Leveraging curated, enriched, and exclusive threat intelligence from Check Point Research (CPR), allows you access to an elite group of researchers and security engineers. The group investigates and exposes the world’s most dangerous and sophisticated cyber attacks, software and application vulnerabilities, and issues corresponding protections to all Check Point products.
7. Leverage Artificial Intelligence and Machine Learning instantly! The Check Point threat feed and related email solution feeds use over 60 different engines and algorithms to improve the speed and quality of the feed. Its not a buzz word, AI/ML enhanced threat feeds are a critical capability that you can easily leverage.
The bottom line is that you need to get your team to work with Check Point to upgrade your game and prevent issues before they can cause damage and wasted time. To obtain the latest Cyber Attack Trends: 2022 Mid-Year Report, click here.
For further information on Check Point Research threat intelligence services, visit this page. To receive more timely cyber security news, top-tier reports and cutting-edge analyses, please sign up for the cybertalk.org newsletter. Join your peers for a rich discussion of this article here.