Expanding Beyond Generic Threat Intelligence to Cyber Situational Awareness Empowers Organizations to Make More Informed Security Decisions
The shift away from one-size-fits-all to viewing every individual customer as a “market of one” was pioneered by companies like Levi’s, Dell and Amazon. Jeans that fit you exactly, PCs made to order and products recommended to you based on previous purchases, all exemplify the move from delivering standardized value through mass production to creating customer-unique value through mass customization. This method for approaching markets is now widely embraced. Customers benefit by getting precisely what they want and need while companies, with a better understanding of their customer base, can deliver tailored products and services that provide more value.
It’s time to apply this way of thinking to security, specifically cyber threat intelligence.
Attackers never rest and neither can organizations in their quest for better threat protection and risk mitigation. While cyber threat intelligence (CTI) has helped evolve the effectiveness of our defenses by providing greater insights into threats and threat actors, we need to do more. Data feeds, vulnerability feeds, indicators of compromise (IOCs) and profiles of threats and research reports will continue to be pertinent. Indeed, CTI provides a solid foundation to understand threats. But what’s lacking is cyber situational awareness that provides a more holistic and specific view of threats and vulnerabilities relevant to an organization.
Cyber situational awareness shifts from only delivering generic threat intelligence that informs, to also delivering specific information to defend against adversaries launching targeted attacks against an organization or individual(s) within an organization.
Cyber situational awareness brings together all the information that an organization possesses about itself such as its people, risk posture, attack surface, entire digital footprint and digital shadow (a subset of a digital footprint that consists of exposed personal, technical or organizational information that is often highly confidential, sensitive or proprietary). Information is gathered by examining millions of social sites, cloud-based file sharing sites and other points of compromise across a multi-lingual, global environment spanning the visible, dark and deep web.
Cyber situational awareness provides relevant and contextual insight based on data that is company specific and pertains to the industry, company size and geography. For example, this data might include confidential documents posted on websites, employee credentials, and even information about key suppliers that could be used to infiltrate an organization’s network. Cyber situational awareness also analyzes and provides information on which malicious actors might be targeting an organization, why they are doing so, and what methods of attack they use. As a result, it gives organizations the upper hand over the adversary, allowing them to prioritize and mitigate a harmful event and regain control of their unique digital shadow.
Perhaps even more important, cyber situational awareness is designed to generate forward-looking assessments: tactical, operational and strategic. This helps organizations understand what they need to do right now to stop attacks and mitigate risk, as well as how to make the right investments to align their security postures in the longer term for more effective defenses. Taking this approach provides a more holistic understanding of the security issues surrounding the organization.
Expanding beyond generic threat intelligence to cyber situational awareness empowers organizations to make much more informed security decisions based on a truly comprehensive view of their potential threats, attack vectors, brand risks, data loss risks and profile of their attackers. By applying the proven market-of-one approach to threat intelligence, security professionals get exactly what they want and need: unique insights that allow them to protect against the threats that are most relevant and present the greatest risk.