There’s not much IT security professionals can do to prevent cybercriminals from launching attacks in the first place. That means the name of the IT security game is to reduce the mean time to detection (MTTD) as part of larger effort to reduce the mean time to response (MTTR).
Unfortunately, too many IT organizations are still thinking about MTTD in terms of detection of malware at some point after it lands on their systems. IT security would be a whole lot better for all concerned if organizations started thinking about MTTD in terms of detecting malware when it first appears in the wild. The good news is that threat intelligence services are getting better at detecting these threats. Most IT security vendors subscribe to multiple IT threat intelligence services. Most of them also responsibly share research about potential threats with each other. But IT organizations would be well advised to develop their own threat intelligence capabilities. After all, to be forewarned is to be forearmed.'IT organizations would be well advised to develop their own threat intelligence capabilities' ~ @mvizard Click To Tweet
The primary reason IT organizations should implement some form of cybersecurity intelligence is that the attacks are getting more targeted. Shadow Brokers, the cybercriminals credited with developing the WannaCry ransomware exploit using tools stolen from the National Security Agency (NSA) in the U.S., announced it plans to unfurl a subscription service through which it will provide any interested party with exploits and tools for roughly $23,000 a month. Obviously, Shadow Brokers will have to keep delivering a steady stream of security exploits to deliver a return on that business model. The trouble is that a separate report suggests that Shadow Brokers might have no trouble accomplishing that goal. OWL Security recently announced that it indexed 24,000 domains on the darknet as part of an effort to discover which organizations are most commonly cited on a part of the Internet where cybercriminals share tools and intelligence. The report concluded that every single Fortune 500 company has a digital footprint on the darknet. That would suggest that cybercriminals are actively working on more targeted exploits.
The good news is that more companies are paying a lot more attention to IT security than they were just a year ago. But too much of the focus is on MTTR. K-Mart this week announced it had discovered a new form of malware on its point-of-sale (PoS) systems. In addition to limiting its risk by having implemented a chip-based PoS system, the retailer deserves credit for isolating and removing that new threat in a couple of days. But that’s cold comfort to business executives that are equally, if not more concerned, about how long that malware had been in place. They say any battle fought on your own soil means there will be greater economic loss. The goal for IT security professionals should be to take the fight to the Internet itself. The first step in mounting any effective defense, of course, is to develop intelligence about what your enemy intends to do before they do it. As Dwight D. Eisenhower once observed:
In war, nothing is more important to a commander than the facts concerning the strength, dispositions, and intentions of his opponent, and the proper interpretation of those facts.
The difference now is the amount of time organizations have to act on that intelligence is now being measured in seconds.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot.Mike also blogs about emerging cloud technology for Intronis MSP Solutions by Barracuda.