What is attack intelligence and why do you need it?

In Spring 2021, IronNet commissioned the independent research firm Sapio to survey 473 IT security decision makers in the technology, public services, financial, and utilities sectors across the United States, United Kingdom, and Singapore. This2021 Cybersecurity Impact Reportrevealed an interesting paradox. While most survey respondents (90%) indicated that the security posture of their company had improved in the past two years, 86% reported a cybersecurity incident so severe in the past year that it required a C-level or Board meeting.

Why is there a false sense of security? More important, what is the disconnect between a reportedly high level of confidence in existing controls and the fact that attacks continue to pummel companies of all sizes?

One reason for this paradox, in my opinion, is the lack of what I am calling "attack intelligence," or collective threat intelligence. What do I mean? This type of heightened threat intelligence is the combination of threat detection based on behavioral analytics, which can identify anomalous in network traffic, and Collective Defense based on visibility and real-time collaboration.

In short, attack intelligence delivers threat information that is three things at once:

1. Timely: you need speed when it comes to both detection and triage
2. Relevant: you need meaningful threats to emerge from information overload
3. Actionable: you need situational context around detected anomalies

How is actionable attack intelligence different from traditional threat intelligence?

It's simple: threat intelligence, while still a very valuable element of cybersecurity, is "what could happen to me." Attack intelligence, on the other hand, describes "what is happening to me, or is happening to someone that looks like me, or is happening in my supply chain." Threat intelligence basically tells security analysts that there are a lot of adversaries out there who can do a lot of bad things if they get in your network. It is not specific enough, and it is not normally timely enough, to allow your analysts to focus limited cyber resources on the threats most likely to impact your specific business.

It is my hope that focusing threat intelligence on timely, relevant, and actionable threat information can mature every enterprise's security posture. The promise of actionable attack intelligence is far-reaching. In fact, "IT security professionals think that better detection technology (44%) and better infrastructure for information sharing (41%) would have helped companies in the context of the SolarWinds attack" (2021 Cybersecurity Impact Report). Actionable attack intelligence fills that void by giving you real-time and dynamic visibility over the entire attack surface that is relevant to you.

I have prepared a Cybersecurity Market Insights report to assist security practitioners in discovering the value of attack intelligence and the tools you need to implement it to improve and strengthen the cybersecurity posture of your enterprise or organization.

[Link]