Mapping and tracking new and emerging threats

Written by

CyberInt VP Daniela Perlmutter, who has experience in managing global teams in multi-billion dollar technology companies in the Telecoms and IoT space, believes that companies must develop a full mapping model of their vulnerabilities right across their organisations in order to pinpoint and track new and emerging threats.

Organisations are currently suffering breaches from all types of attack vectors and from rapidly growing numbers of threat actors. Six out of every 10 businesses are experiencing the same or more fraudulent losses online compared with a year ago, according to Experian's Global Fraud and Identity Report. At the same time, investment in cybersecurity is growing. Forrester reports that from 2013 to 2018, VC funding in digital risk protection (DRP solutions) topped $482 million.

To help identify and respond to emerging threats before they hit the network, it is crucial to quickly detect breaches or attacks from the outside, thus reducing the time to respond and stopping threats before they materialise into incidents. Deep coverage of Darknet, Deep Web and open-net marketplaces, hacking forums, paste sites, chat rooms and closed groups and forums enables organisations to have a clear real-time map of their vulnerabilities. This should be allied with extensive investigation of passive domain name system (DNS) data, which is increasingly a prime target for threat actors, newly registered domains, malicious file hashes and social network accounts.

By accessing powerful, advanced, targeted threat intelligence capable of plugging the right holes in an organisation's defences, companies can direct their resources to stopping real threats rather than amassing knowledge of a host of threats that are not directly relevant to their business.

In addition, in order to meet the challenge of rising cybercrime by directing resources to where they are most needed, companies also need full mapping of their digital footprint and all their vulnerabilities, including IP addresses, domains, sub-domains, vendors, social network accounts etc., in order to effectively detect incoming and emerging threats and respond to them in real time.

Understanding the root cause of indicators of compromise (IOCs) enables companies not only to identify a potential risk but also to mitigate it more effectively, prevent its impact on different parts of the business and even identify the actual threat actor and interact or press charges where needed.

The foundation of modern police investigations is a vast forensic database of ongoing suspicious and criminal activity and the identification of suspect criminals. In a similar fashion, a suspicious IOC can be traced by connecting different attributes and related assets to the IOC. For example, much like DNA at a crime scene, one can encounter a suspicious IP address, obtain its connected domains and, through those, the person who registered them. This forensic trail can be available through various databases such as WHOIS, passive DNS services etc. and through accurate use of Open-Source Intelligence (for example, connecting email addresses to other threat actor attributes, using a database of known and emerging threat actors, and matching these against the techniques and tools each of them uses when illegally hacking into corporate communications). Furthermore, Machine Learning (ML) enables the resulting data to be contextualised and streamlined to the organisation's precise needs.
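The pivot described above (IP address to co-hosted domains via passive DNS, then to the registrant via WHOIS, then out to further domains and IPs sharing that registrant) can be scripted against any enrichment source that returns these record types. The following is an added illustration, not code from the article or from CyberInt; the passive DNS observations, WHOIS snapshot, IP addresses, domain names and registrant mailbox are all constructed sample data, and the shared-hosting cutoff is an assumed value. It also shows the two caveats a practitioner hits in this kind of trail: a WHOIS record with a redacted registrant cannot be pivoted on, and an IP hosting a very large number of domains is probably shared infrastructure, so co-hosted domains there are weak evidence.

```python
"""IOC pivot over constructed passive DNS and WHOIS data (illustrative example)."""

# Constructed passive DNS observations: which hostname resolved to which IP, and when.
# Addresses are from documentation ranges; domains use the reserved .example TLD.
PASSIVE_DNS = [
    {"ip": "203.0.113.10", "domain": "login-secure-update.example", "first_seen": "2019-03-01", "last_seen": "2019-04-02"},
    {"ip": "203.0.113.10", "domain": "account-verify-now.example", "first_seen": "2019-03-20", "last_seen": "2019-04-02"},
    {"ip": "203.0.113.10", "domain": "cdn-assets.example", "first_seen": "2018-11-12", "last_seen": "2019-04-02"},
    {"ip": "198.51.100.7", "domain": "invoice-portal-check.example", "first_seen": "2019-02-10", "last_seen": "2019-03-30"},
]
# Constructed bulk-hosting IP: 60 unrelated sites resolve to it, none with WHOIS data here.
PASSIVE_DNS += [
    {"ip": "192.0.2.5", "domain": f"site{i}.example", "first_seen": "2018-01-01", "last_seen": "2019-04-02"}
    for i in range(60)
]

# Constructed WHOIS snapshot. A redacted registrant (common since privacy rules) is modelled as None.
WHOIS = {
    "login-secure-update.example": {"registrant_email": "ops-mailbox@example.net", "created": "2019-02-28", "registrar": "Registrar A"},
    "account-verify-now.example": {"registrant_email": "ops-mailbox@example.net", "created": "2019-03-19", "registrar": "Registrar A"},
    "cdn-assets.example": {"registrant_email": None, "created": "2016-05-01", "registrar": "Registrar B"},
    "invoice-portal-check.example": {"registrant_email": "ops-mailbox@example.net", "created": "2019-02-09", "registrar": "Registrar A"},
}

# Assumed cutoff: an IP with more co-hosted domains than this is treated as shared hosting.
SHARED_HOSTING_THRESHOLD = 50


def domains_for_ip(ip, pdns=PASSIVE_DNS):
    """All hostnames observed resolving to the IP (passive DNS pivot)."""
    return sorted({r["domain"] for r in pdns if r["ip"] == ip})


def ips_for_domain(domain, pdns=PASSIVE_DNS):
    """All IPs the hostname was observed resolving to (reverse passive DNS pivot)."""
    return sorted({r["ip"] for r in pdns if r["domain"] == domain})


def registrant_for_domain(domain, whois=WHOIS):
    """Registrant email from WHOIS, or None when unknown or redacted."""
    rec = whois.get(domain)
    return rec["registrant_email"] if rec else None


def domains_for_registrant(email, whois=WHOIS):
    """All domains registered with the same registrant email (WHOIS pivot)."""
    return sorted(d for d, rec in whois.items() if rec["registrant_email"] == email)


def build_trail(ip, pdns=PASSIVE_DNS, whois=WHOIS):
    """Follow the trail: seed IP -> co-hosted domains -> registrants -> related domains -> related IPs.

    Returns a dict describing each hop plus analyst notes about evidence quality.
    """
    trail = {"seed_ip": ip, "domains": [], "registrants": [], "related_domains": [], "related_ips": [], "notes": []}

    domains = domains_for_ip(ip, pdns)
    trail["domains"] = domains
    if len(domains) > SHARED_HOSTING_THRESHOLD:
        # Many unrelated sites share one IP on bulk hosting; co-hosting alone proves little.
        trail["notes"].append(f"{ip} hosts {len(domains)} domains: likely shared hosting, co-hosting is weak evidence")

    registrants = set()
    for d in domains:
        email = registrant_for_domain(d, whois)
        if email is None:
            trail["notes"].append(f"{d}: registrant unavailable or redacted, cannot pivot on WHOIS")
        else:
            registrants.add(email)
    trail["registrants"] = sorted(registrants)

    # Second hop: other domains by the same registrant that did not sit on the seed IP.
    related = set()
    for email in registrants:
        related.update(domains_for_registrant(email, whois))
    related -= set(domains)
    trail["related_domains"] = sorted(related)

    # Third hop: infrastructure behind those related domains, excluding the seed IP.
    related_ips = set()
    for d in related:
        related_ips.update(ips_for_domain(d, pdns))
    related_ips.discard(ip)
    trail["related_ips"] = sorted(related_ips)
    return trail


if __name__ == "__main__":
    for seed in ("203.0.113.10", "192.0.2.5"):
        for key, value in build_trail(seed).items():
            print(f"{key}: {value}")
        print()
```

Running it shows the first seed expanding through the shared registrant mailbox to a fourth domain and a second IP that never appeared in the original alert, while the bulk-hosting seed produces only a shared-hosting warning. In a real deployment the two dictionaries would be replaced by queries to a passive DNS provider and a WHOIS or RDAP service, and the notes list is where an analyst would record why each hop was or was not trusted.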

To summarize, the digital transformation organisations are going through requires a unique approach to stop threats before they materialize into incidents. To do this, companies should utilize strong targeted threat intelligence and advanced threat detection capabilities, and augment them with forensic tools that give the security team clear visibility of a threat and the path to its mitigation.

The topic of Threats, Exploits and Vulnerabilities will be covered throughout the free-to-attend conference at Infosecurity Europe in London from 4-6 June. See all the talks on Threats, Exploits and Vulnerabilities here. Infosecurity Europe is the leading European event for information and cyber security; find out more and secure your free visitor badge.
