InFocus: Threat intelligence to prioritise and optimise defence posture

News by SC Staff

Sponsored video: By monitoring a wide range of security data feeds and dark web sites, Skybox generates threat intelligence which keeps up with ever-changing attack vectors.

Gidi Cohen, founder and CEO of Skybox Security, a leader in cyber-security analytics, explained to SC Media UK how his company uses sophisticated analytics, modelling and simulation to provide organisations with clearer visibility of their attack surface, reduce exposure to attacks and prioritise remediation.

Skybox's team of security analysts monitors a range of security data feeds and some 700,000+ sites in the dark web to provide threat intelligence on exploits in the wild – warning of attacks and the tools and techniques that attackers are using.

When asked by SC what trends have been seen over the last year, Cohen responded, “One of the most notable is the high concentration by cyber-criminals on a small list of vulnerabilities. Different exploit kits are being weaponised to attack these vulnerabilities.”

Attacks continue to come from a wide range of sources, crime organisations – the countries everyone knows about, says Cohen, adding that there are “fewer nation state attacks but they are there – that's not changing. What's changing is the different attack vectors and the tools and techniques they are using.”

The key point Cohen makes is that by understanding the tools and techniques used against you, and which exploit kits are relevant to the vulnerabilities in your organisation, you can use that threat intelligence to put tools in place to defend against what is being targeted in your organisation, and to configure the defences you already have to contain those attacks as much as possible.

What can we do against threats like phishing? Cohen says it's a mix of education and assuming that some staff will make mistakes, so you need to make sure the depth of defence means your critical assets will still be defended, with the right technical controls in place and best practice applied to ensure those attacks are contained.

Cohen concludes, “The attack surface can be huge and complex with many points of entry – so prioritisation and context are key – and ability to remediate.” And threat intelligence can thus be used to shrink your attack surface, improve your defences, and help your remediation if you know what you are facing.

