Cyber Protection Strategy: Threat Intelligence vs. Machine LearningFebruary 1, 2018
The threat from cyber criminals is relentless, so any protection strategy needs to ensure that a security team’s workload is manageable and focused. With the right threat intelligence strategy in place, there are ways to gain extra time and target the most serious threats.
Through national news, businesses of all sizes are repeatedly urged to protect themselves against cyber crime. Recent UK Government statistics (The Cyber Security Breaches Survey 2017) found that nearly half of all UK businesses suffered a cyber breach or attack in the past twelve months.
Is threat intelligence still required, now we have machine learning?
With malware increasingly sophisticated and harder to detect, I’m often asked about the viability of threat intelligence. Is it a thing of the past, particularly given the advances of artificial intelligence and machine learning? I believe it still has to be an essential part of your cyber security strategy, as the first line of defense.
Threat data for Response Policy Zones (RPZ)
Deteque developed threat data for Response Policy Zones (RPZ). This enables selective blocking of DNS resolution to malicious sites, mitigating your security risks in real time. Like threat gateways, secure DNS services are designed to track and block malicious domains, zones and associated IP addresses, allowing you to filter threats that our research team has observed and analyzed. Because we do this first line of threat identification for you, there’s less ‘noise’ on your network. Your team and resources can then be concentrated on using AI and other analytics. With RPZ in place, your other analysis tools will work more effectively and your user and network protection is improved.
At Deteque, a division of Spamhaus, we help organisations protect their network operations and intellectual property. Our prevention-first approach gives you protection from increasingly malicious and complex cyber threats. Our approach is based on the Spamhaus track record of deploying data feed technologies that work with your network, with up to 97% of threats filtered from your email (source: https://www.virusbulletin.com/testing/results/latest/vbspam-email-security).
We see the security challenges from the inside, working alongside our customers to identify and prevent cyber risks. Once you know what your ‘good’ infrastructure and reliable traffic looks like, you’ll find it easier to identify the constantly evolving ‘bad’ traffic. Whilst there’s sadly no such thing as 100% prevention, Deteque’s threat intelligence tools will help you target your valuable resources on analytics tools specific to your network.
The harsh reality of cyber crime
It’s not meant to be scare mongering, but I’d just like to share a few sobering statistics with you:
- The average breach is not spotted for 99 days, during which time the integrity of your data is seriously compromised (Gartner)
- By 2020, businesses will need to cyber-defend 50 times more data than they do today, with cyber attacks forecast to cost businesses an estimated $6 trillion (Cybersecurity Ventures)
- Cyber security budgets should now account for 25%-30% of total IT spend (IDC)
It’s important to note that threat intelligence technology is not the silver bullet, however it does complement machine learning. Using threat intelligence gives a boost to machine learning algorithms, filtering out a high volume of ‘dross’ in advance. You can then really concentrate your time and resources on a smaller, more sophisticated sub-set of malware.
By Matthew Stith, Product Manager