Connect with us

Hi, what are you looking for?


Incident Response

True Awareness for National Cybersecurity Awareness Month

October is National Cybersecurity Awareness Month (NCSAM) and an opportune time to remind every organization of the importance of “awareness” to their cybersecurity programs. 

October is National Cybersecurity Awareness Month (NCSAM) and an opportune time to remind every organization of the importance of “awareness” to their cybersecurity programs. 

I fully realize you’re already well-aware of the relentless stream of global cyberattacks against organizations and individuals every day. And we all know that security teams are drowning in a sea of alerts in large part driven by a defense-in-depth strategy with layers of protection that aren’t integrated and create a massive amount of logs and events. Not to mention the numerous threat feeds most organizations subscribe to – from commercial sources, open source, government, industry and existing security vendors. What more do we need to be aware of? 

What I’m talking about is contextual awareness so that you don’t spend a good portion of your day responding to calls from management about the latest threat in the headlines. Or drown in a sea of alerts. Or ignore half of those threat feeds because the volume of data is simply too overwhelming to consume. Contextual awareness drives value for security teams of all sizes and capabilities so that we can do more with the resources we have to take the right actions faster to better protect and mitigate risk to our organizations.  

Context comes from aggregating internal threat and event data along with external threat feeds in a platform that serves as a central repository and normalizes that data so that it is in a usable format. By enriching events and associated indicators from inside your environment (for example from sources including your security information and event management (SIEM) system, log management repository and case management systems) with external data on indicators, adversaries and their methods, you gain context to understand the who, what, where, when, why and how of an attack.

Now you can prioritize based on relevance to your environment. But what is relevant to one company may not be for another. Many intelligence feed vendors provide “global” risk scores but, in fact, these can contribute to the noise since the score is not within the context of your company’s specific environment. It is important to be able to assess and change risk scores based on parameters you set. Filtering out what’s noise for you allows you to understand what to work on first. You can focus on what really matters to your organization rather than wasting time and resources chasing ghosts.

This is the kind of awareness companies need to accelerate security tasks that bog down Tier 1 analysts. For example, by finding the signal through the noise you can simplify and accelerate alert triage. And vulnerability management resources can focus on where the risk is greatest by prioritizing vulnerabilities with knowledge about how vulnerabilities are being exploited.

Contextual awareness also benefits Tier2/Tier 3 investigation, response and threat hunting activities. Whether digging deeper into an escalated trouble ticket or investigating suspicious behavior observed in the environment, analysts can pivot to adversary and external sources to learn more about associated indicators. They can then search for and compare indicators across the infrastructure and find matches between high-risk indicators and internal threat and event data that suggest possible connections. When proactively hunting for threats, analysts can use data, such as from the MITRE ATT&CK framework – a knowledge base for intelligence on techniques, tactics and adversaries. For example, if they are interested in malware currently being used to target their industry, they can leverage MITRE ATT&CK data to hunt for potential indicators of compromise or possible related system events within their environment. Finally, as threat hunting is a continuous process, when new data and learnings are added to the platform, intelligence is automatically reevaluated and reprioritized to remain relevant. 

Advertisement. Scroll to continue reading.

Even companies that don’t have their own security operations centers can benefit from contextual awareness through managed security services providers (MSSPs) or managed detection and response (MDR) services. Providers of these services can use the platform to deliver threat intelligence and security monitoring that’s relevant to your organization. They can also offer additional, high value and customized services such as risk assessments, threat hunting and incident response that focus on the threats that matter most to you and improve your overall security operations. 

Now in its 16th year, NCSAM is a great vehicle to raise awareness for cybersecurity and to remind every organization that the ability to improve security operations begins with contextual awareness. How aware are you?

Written By

Marc Solomon is Chief Marketing Officer at ThreatQuotient. He has a strong track record driving growth and building teams for fast growing security companies, resulting in several successful liquidity events. Prior to ThreatQuotient he served as VP of Security Marketing for Cisco following its $2.7 billion acquisition of Sourcefire. While at Sourcefire, Marc served as CMO and SVP of Products. He has also held leadership positions at Fiberlink MaaS360 (acquired by IBM), McAfee (acquired by Intel), Everdream (acquired by Dell), Deloitte Consulting and HP. Marc also serves as an Advisor to a number of technology companies, including Valtix.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Incident Response

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks.