Threat intelligence or cyber threat intelligence is the term for combining, analyzing, and interpreting large sets of data to predict and prevent cyber-attacks. As smart technology becomes increasingly integrated into our daily lives and we become more dependent on it, the need for threat intelligence increases.
Now, when most people think of cyber attacks, they imagine identity theft and corporate or government data breaches. However, in this modern age we have computers in everything, including our vehicles. Imagine what would happen if someone hacked into your vehicle while you were driving down the highway, or worse, the plane you were in?
All the convenience brought on by modern technology has brought with it a whole new type of threat. So, in the hopes of alleviating our new fears and feeling safe to fly again, we asked a group of industry experts…
What’s The Future Of Threat Intelligence?
Their answers should leave you feeling a little better…
Bryan Fite, Account CISO at BT Global Services
“Ubiquitous sensor networks will continue to capture everything humans and autonomous systems (a.k.a robots) do. Nothing will be forgotten because of cheap storage, various business models and data hoarders. These massive data repositories will be constantly mined for insight in real-time by machines.
Quantum computers and AI’s will be used to perform near perfect predictive analytics …and yet, organizations will still be pwned (compromised) and otherwise successfully attacked. Sensor data will be spoofed, data lakes will be polluted or poisoned and analytical algorithms will be gamed by adversarial AI’s. The real question is what role will humans play; spectator, victim or beneficiary?”
Jaime Blasco, VP & Chief Scientist at Alienvault
“My biggest prediction for the next 10 years is that threat intelligence will become commoditized and all the big vendors will be offering it by default. This implies that there will be less market fragmentation, since today there are dozens of different companies that specialize in selling threat intelligence. This will especially be the case for threat indicators/feeds.
I predict there is an opportunity for a few of the highly-specialized threat intelligence companies to survive if they solely focus on selling reports/TTP’s, which are much harder to commoditize. On the other hand, I expect governments to play a much bigger role in terms of sharing threat intelligence they have. We have seen some steps in the right direction with the FBI/DHS but there is still a lot of work to be done.”
Rich Reybok, Head of Engineering at ServiceNow Security Business Unit
“To look forward, let’s first look back. We’ve seen a low, steady improvement in threat intelligence quantity and quality. It’s evolved from person-to-person to an entire industry of solutions. Yet, it’s neither sufficient nor contextual enough to be actionable. The real data is stuck behind the enterprise firewall.
This MUST change.
The lack of security talent is bad now and getting worse. And attacks will continue to get more complex and grow. Combined with the explosion of vulnerable IoT infrastructure, organizations will need new threat intelligence capabilities to respond. They will need the AI-powered security operations center, powered by real-time enterprise-to-enterprise threat intelligence sharing.
Threat intelligence will no longer come from web scraping forums or honeypots. Instead, it will be a contextualized federation of internal forensic and network indicators coming directly from the backbone of the most capable infrastructures in the world, allowing enterprises to get ahead of the hackers.”
Morey Haber, VP of Technology at BeyondTrust
“The future of threat intelligence will revolve around the behavior of users and applications in a predictable and acceptable measure. Information technology systems generate a plethora of log and event data today. Basic patterns of logon, logoff, and access information are readily available but threat analytics and user behavior modeling are all external to the operating system and applications. When patterns are aggregated for any resource, obvious predictions can be made about the next occurrence of an event or when a deviation should occur such as a holiday or planned vacation for any resource.
In 10 to 15 years, this data will no longer be externalized for threat identification. It will be embedded in user and business applications, linked to other sources such as calendars, geolocation, financials, and processed internally to identify potential risks. The end result will make information technology more secure by learning and recognizing what we do, when we do it, and raise escalations when the patterns fall too far out of the norm.”
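The approach Haber describes, aggregating logon patterns per resource and raising an escalation when an event falls outside the norm or lands on a planned absence, can be sketched as a small baseline-and-deviation check. The code below is an added illustration and is not from the original article or from BeyondTrust; the training logons, the users `alice` and `bob`, the absence calendar and the `min_share` threshold are all constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, date

# Constructed sample data (not from the article): alice works a day shift on
# weekdays, bob works a night shift on weekdays, over two weeks in March 2017.
def _constructed_training():
    events = []
    for day in (6, 7, 8, 9, 10, 13, 14, 15, 16, 17):  # Mon-Fri, two weeks
        for hour in (8, 9, 13, 17):
            events.append(("alice", f"2017-03-{day:02d}T{hour:02d}:00:00"))
        for hour in (22, 23, 1, 3):
            events.append(("bob", f"2017-03-{day:02d}T{hour:02d}:00:00"))
    return events

TRAINING = _constructed_training()

# Constructed calendar linkage: planned absences per user (inclusive ranges).
PLANNED_ABSENCES = {
    "alice": [(date(2017, 3, 27), date(2017, 3, 31))],
}


def build_baseline(events):
    """Aggregate per-user logon counts by hour of day and by weekday."""
    baseline = defaultdict(lambda: {"hour": Counter(), "weekday": Counter(), "total": 0})
    for user, ts in events:
        t = datetime.fromisoformat(ts)
        b = baseline[user]
        b["hour"][t.hour] += 1
        b["weekday"][t.weekday()] += 1
        b["total"] += 1
    return baseline


def on_planned_absence(user, day, calendar):
    """True if the user is marked absent (holiday, vacation) on that day."""
    return any(start <= day <= end for start, end in calendar.get(user, []))


def score_event(user, ts, baseline, calendar, min_share=0.02):
    """Return the reasons a logon deviates from the learned norm (empty list = normal).

    A bucket (hour or weekday) counts as unusual when it holds less than
    `min_share` of the user's historical logons; `min_share` is an assumed
    tuning knob, not a value from the article.
    """
    t = datetime.fromisoformat(ts)
    b = baseline.get(user)
    if b is None:
        return ["no baseline for user"]
    reasons = []
    if b["hour"][t.hour] / b["total"] < min_share:
        reasons.append(f"unusual hour {t.hour:02d}")
    if b["weekday"][t.weekday()] / b["total"] < min_share:
        reasons.append(f"unusual weekday {t.strftime('%a')}")
    if on_planned_absence(user, t.date(), calendar):
        reasons.append("logon during planned absence")
    return reasons


BASELINE = build_baseline(TRAINING)

if __name__ == "__main__":
    # Constructed new events to score against the baseline.
    for user, ts in [
        ("alice", "2017-03-20T09:05:00"),  # normal
        ("alice", "2017-03-20T02:30:00"),  # 02:30 never seen for alice
        ("alice", "2017-03-25T09:00:00"),  # Saturday
        ("alice", "2017-03-27T09:00:00"),  # first day of planned vacation
        ("bob", "2017-03-22T23:15:00"),    # normal night-shift logon
    ]:
        print(user, ts, score_event(user, ts, BASELINE, PLANNED_ABSENCES) or "normal")
```

The calendar check is what turns a "correct" logon into an escalation: a 09:00 weekday logon for `alice` is routine by hour and weekday, but during a recorded vacation it is exactly the deviation the quote says should be raised. In practice the baseline would be rebuilt on a rolling window so that seasonal shifts do not age into permanent alerts.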
Michael Fimin, CEO & Co-founder of Netwrix
“Although threat intelligence is perceived to be critical for addressing cyber risks, solutions labelled as threat intelligence cannot provide an in-depth overview of existing threats and vulnerabilities. On the contrary, I hear a lot of stories from customers who find themselves switching between myriads of different systems and consoles, which is time-consuming and provides only general information about cyber risks.
However, the technology is evolving, and I expect to see more integration between threat intelligence solutions and various security tools and custom applications. Integration with endpoint detection and response tools, ERP software and others will facilitate better communication between organizations’ departments and give them visibility into their IT environments to prevent security incidents.
For example, integration between threat intelligence and Human Resource Management Systems will help businesses reduce the risk of insider misuse by quickly disabling accounts of leaving employees and notifying IT departments in case these users perform any activities.”
Christy Wyatt, CEO of Dtex Systems
“Today, advanced firewall and intrusion detection technologies provide adequate perimeter protection. However, the insider threat will continue to persist as the primary challenge, even a decade from now. The insider threat needs to be addressed today to safeguard businesses for the future.
For example, the relatively new prevalence of cloud services such as Dropbox and Google Drive provides organizations with much-welcomed increases in productivity and efficiency while streamlining workflows.
However, these tools are not inherently secure and pose major vulnerability risks because the default account settings often do not provide sufficient protection for files saved in the cloud. The URLs established to access and share the files are oftentimes indexed by search engines, allowing them to be found in the public domain by external parties through a simple Google search. The use of such cloud services will only continue to increase, perhaps to a point where physical data storage devices (hard drives, CD-ROMs, thumb drives) become obsolete.
Organizations must educate employees and implement safety techniques now, in order to prepare for the future. Companies should have a security solution that helps them understand what their users are doing on corporate endpoints. By having this insight and intelligence on user behavior, security teams can pinpoint actions that deviate from the norm so that they can address potential threats, whether caused by negligent or malicious employees.”
Robert Katz, Executive Director at Innovation Intelligence Institute
“WE WILL BE – the same:
- lack of awareness, action, and accountability
- unclear aligned mission between private and public sectors
- advancements in artificial intelligence, machine learning, and autonomous networks with limited success
- because adversaries are using the same tools to attack us – so no net gain
WE SHOULD BE
- immediate concentration of central, private, government-funded collaborative “centers of excellence” focusing on hybrid warfare
- universities and national labs aligned with industry initiatives
- legal approval to offensively attack hostile servers with 100% certainty
- secure “friend or foe” identification with random generated validation codes
- manufacturers’ permanent serial IP addresses with self-destruct if the computer is tampered
- global database of hostile actors and servers
- successfully reverse the current massive successes in hybrid warfare by our adversaries
- think outside the bubble to use modeling and simulation to predict attacks, not just react to or recover from them.”