From CTI to Cyber Situational Awareness: What You Should Know
November 16, 2015
With more attackers trailing the digital shadows of organizations, traditional defenses have proven to be insufficient and organizations are looking at new ways of protecting themselves. Many are turning to Cyber Threat Intelligence (CTI), but what exactly does that mean? There are many different definitions and, as a result, varying expectations of what CTI can do.
Earlier this month, Forrester Research’s Rick Holland issued a new report, Vendor Landscape: S&R Pros Turn to Cyberthreat Intelligence Providers for Help. The report helps organizations understand what CTI is, the role it can play across the intelligence cycle and how to evaluate CTI providers. The fact that 20 CTI vendors were included in the analysis is testament to the rising prominence of CTI as a security tool, but also to the potential for confusion when selecting a vendor.
Forrester defines CTI as: The details of the motivations, intent, and capabilities of internal and external threat actors. The intelligence includes specifics on the tactics, techniques, and procedures of these adversaries. Threat intelligence’s primary purpose is to inform business decisions regarding the risks and implications associated with threats.
The report describes the three levels of CTI as:
- Tactical: Commonly technical in nature and could be as simple as using threat indicators to proactively hunt for and defend against adversaries.
- Operational: Focuses on the motivations, intent, and capabilities of adversaries.
- Strategic: Informs business decisions regarding the risks and implications associated with threats… and can be used to direct cybersecurity investment.
Digital Shadows is one of the few vendors rated as delivering all three levels of CTI – tactical, operational and strategic.
Forrester applies David Bianco’s “Pyramid of Pain” to the CTI vendors in the report. In a nutshell, the higher up the pyramid the more difficult the corresponding CTI capability is to provide, and the more pain it causes an adversary. Once again, Digital Shadows is among the highest rated vendors with capabilities all the way up to the very top of the pyramid.
As I read through this report, one piece of advice that really resonated with me was: For most security teams, especially when starting out, it’s important that you don’t hyperfocus on the three tiers.
I couldn’t agree more. It makes sense to start with tactical applications of CTI and expand over time. What you need to look for is a vendor with solutions that can evolve with your CTI strategy and help you gain better threat protection and risk mitigation.
CTI provides a necessary and solid foundation to understand threats, but alone can’t provide a truly holistic view of an organization’s risk from the “outside in.” That’s where cyber situational awareness comes in. Building on CTI, cyber situational awareness can prevent, detect and contain cyber-related incidents by analyzing the adversary through an “attacker’s eye view” and providing tailored threat intelligence that alerts organizations to potential threats, instances of sensitive data loss or compromised brand integrity.
Cyber situational awareness provides relevant and contextual insight, based on industry, company size and geography, to prioritize and then mitigate a harmful event. In the Forrester report, Holland writes, “If a vendor’s collection capabilities don’t produce threat intelligence that is relevant to your organization and threat model, then it’s nothing more than window dressing. When it comes to actionable intelligence, relevancy matters.” We do this for our clients by examining millions of social sites, cloud-based file sharing sites and other points of compromise across a multi-lingual, global environment spanning the visible, dark and deep web. Our clients receive a handful of truly relevant, actionable alerts each day rather than having to assess hundreds, or even thousands, of false positives in generic feeds, or having to utilize manual tools to find the signal in the noise.
Cyber situational awareness also analyzes which malicious actors might be targeting an organization, why, and their methods of attack. All of this is accomplished through both technology and expert analysis. Human analysts ensure extensive coverage, tailored intelligence, and frictionless deployment so organizations can focus on priority cases and get the most from their investment, even as needs change.
To learn more about CTI and how to select a solution that puts you on a path that’s right for your organization, read the full report here. And to hear directly from Rick Holland of Forrester, view our webinar on demand.