Recently, I introduced you to our heroes of Threat-Informed Defense. They comprise our diverse community of Tidal Cyber customers who are using our platform in ways you may not have thought about to save time and money, improve their existing defenses, and vastly increase the efficiency of their security teams.
In this blog series, we take a deeper dive into each specific use case to understand the challenges these heroes face, how they are applying a Threat-Informed Defense approach to address them, and the benefits they are driving for their team and organization.
CTI analysts have serious concerns they grapple with on a regular basis:
- Are we prioritizing the right threats for our teams (hunters, security engineers, red team, IT) to act on?
- Are we providing enough details to enable our threat intel consumers to leverage the data effectively?
- What am I missing?
Even if you have a CTI tool as part of your defense stack, it can still be challenging to manage threat intelligence at scale and make it actionable. It is difficult and time-consuming to identify and prioritize relevant threats and their behaviors, keep up to date with all the available sources of intel, map threats to MITRE ATT&CK® and other frameworks with sufficient granularity, and then communicate these findings for teams to use effectively.
We refer to this use case as threat research, prioritization, and profiling, and it sits squarely in the wheelhouse of Threat-Informed Defense.
How Tidal Cyber Helps
Tidal Cyber is not a Threat Intel Platform (TIP), but we can automate collection, evaluation, and mapping of open source, third-party, and reported threat intelligence at scale to provide the most complete view of the threat possible. This even includes integrating with your TIP or other CTI feeds to provide a single view of the threat landscape. Given that MITRE ATT&CK is only updated twice a year, this is the only way to get a continually updated picture of new tactics, techniques, and procedures (TTPs).
Attackers can shift tactics and targets quickly. So, we also continually prioritize and reprioritize behaviors based on reported threat activity and relevance to your organization. Scattered Spider’s shift to SaaS, and the discovery of eight techniques associated with the group for the first time, are intel that is not available in MITRE ATT&CK. This recent example of TTP evolution underscores the need for visibility into landscape trends and for continuous analysis and reprioritization based on behaviors.
The Tidal Cyber CTI team continually canvasses the open-source community, works with community members who have unique vantage points, and integrates with key CTI providers to ensure that you have the most current and complete view of the threat landscape.
The Value of Hyper Vigilance
CTI analysts recognize the value this level of vigilance provides to the overall security program. Threat-Informed Defense can complement your existing CTI sources by improving your ability to keep pace with rapid changes and deliver detailed, actionable intelligence packaged for specific teams.
Ensuring specific security and IT teams stay focused on high-priority threats and can pivot their defensive capabilities in lockstep with the rate of TTP evolution puts CTI analysts firmly in the “Hero” category. CTI analysts are saving time and money, improving their existing defenses, and vastly increasing the efficiency of the teams that rely on their threat intel.
Interested in learning more about how we can help you and others in your enterprise become Threat-Informed Defense heroes? Reach out to us.
*** This is a Security Bloggers Network syndicated blog from Tidal Cyber Blog authored by Frank Duff. Read the original post at: https://www.tidalcyber.com/blog/how-cti-analysts-use-threat-informed-defense-to-overcome-top-challenges