Traditional security approaches are manifestly not adequate to protect an organization's critical financial and data assets. Security and forensics teams need more insight into attackers, so that they can gain a deeper understanding of who they are, how they operate, and what they are likely to do next. Armed with such information, teams can better defend against the attackers' existing infrastructure and techniques, and can even predict and block future attacks from the same threat group.
Two important steps that organizations can take to improve current practices are to add domain and DNS-based threat intelligence to existing security defenses, and to adopt a Continuous Security Model (CSM). By doing so, they can:
- Bolster the capabilities of existing firewalls, intrusion prevention systems, spam filters, malware filters, unified threat management systems, and other elements of their security infrastructure. Given better information about current threats, these systems become more capable of detecting potential incursions and preventing cybercriminals from infiltrating networks.
- Develop more in-depth knowledge about cybercriminals by understanding their activities, their network of threat sources, and their past behavior, so that IP addresses and domains – including those not yet directly involved in an attack – can be handled in proportion to the risk they pose.
- Conduct more thorough investigations into past attacks and potentially discover threats that infiltrated the network weeks or months earlier.
- Transition from a reactive model to CSM. This model – of which domain and IP-based threat intelligence is an integral component – is essential to effectively monitor, detect, block and remediate attacks that are growing in both number and sophistication.
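As an added illustration of the first three points (not code from the original report or from any product it describes), the following Python script applies a small domain/IP threat-intelligence feed to DNS resolver logs. The feed entries, the risk scores, the threat-group label "group-A", and the log lines are all constructed for this example; the log format (timestamp, client IP, queried name, answer) is an assumed simplified layout. It shows three things the text describes: matching queries against known-bad domains (including subdomains of a flagged domain), flagging a benign-looking name that resolves to infrastructure already tied to a threat group, and scanning historical lines to find the earliest contact with that group.

```python
"""Apply a domain/IP threat-intelligence feed to DNS query logs.

Added example. Feed entries, risk scores, the group label and the log
lines below are constructed for illustration and are not real indicators.
"""
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional, Set, Tuple

# Constructed feed: indicator -> (risk score 0-100, threat group, analyst note).
DOMAIN_INTEL: Dict[str, Tuple[int, str, str]] = {
    "bad-updates.example": (90, "group-A", "known C2 domain"),
    "cdn-mirror.example": (60, "group-A", "shares nameserver with group-A C2"),
}
IP_INTEL: Dict[str, Tuple[int, str, str]] = {
    "203.0.113.45": (85, "group-A", "hosted C2 in prior campaign"),
}

# Constructed resolver log: "<ISO timestamp> <client IP> <qname> <answer IP|NXDOMAIN>"
SAMPLE_LOG = """\
2024-03-01T09:15:02Z 10.0.0.12 www.example.org 198.51.100.7
2024-03-01T09:16:40Z 10.0.0.12 api.bad-updates.example 203.0.113.45
2024-03-02T11:02:13Z 10.0.0.33 files.cdn-mirror.example 198.51.100.22
2024-03-03T17:44:59Z 10.0.0.7 login.example.org 203.0.113.45
2024-03-04T08:00:00Z 10.0.0.9 nothing.example NXDOMAIN
"""


@dataclass
class Finding:
    timestamp: datetime
    client: str
    qname: str
    answer: str
    indicator: str   # the feed entry that matched (domain or IP)
    risk: int
    group: str
    note: str


def lookup_domain(qname: str) -> Optional[str]:
    """Return the feed domain that qname or one of its parent domains matches.

    'api.bad-updates.example' matches the feed entry 'bad-updates.example'.
    The bare top-level label is never checked.
    """
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in DOMAIN_INTEL:
            return candidate
    return None


def risk_tier(risk: int) -> str:
    """Map a feed risk score onto a response tier (thresholds are assumptions)."""
    if risk >= 80:
        return "block"
    if risk >= 50:
        return "monitor"
    return "log"


def scan_log(text: str) -> List[Finding]:
    """Match every log line against the domain feed and the IP feed."""
    findings: List[Finding] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts_raw, client, qname, answer = line.split()
        ts = datetime.fromisoformat(ts_raw.replace("Z", "+00:00"))
        domain_hit = lookup_domain(qname)
        if domain_hit:
            risk, group, note = DOMAIN_INTEL[domain_hit]
            findings.append(Finding(ts, client, qname, answer, domain_hit, risk, group, note))
        # A name absent from the feed can still resolve to flagged infrastructure.
        if answer in IP_INTEL:
            risk, group, note = IP_INTEL[answer]
            findings.append(Finding(ts, client, qname, answer, answer, risk, group, note))
    return findings


def clients_by_group(findings: List[Finding]) -> Dict[str, Set[str]]:
    """Which internal hosts touched each threat group's infrastructure."""
    out: Dict[str, Set[str]] = {}
    for f in findings:
        out.setdefault(f.group, set()).add(f.client)
    return out


def earliest_contact_by_group(findings: List[Finding]) -> Dict[str, datetime]:
    """Retrospective view: first observed contact per group in the log history."""
    out: Dict[str, datetime] = {}
    for f in findings:
        if f.group not in out or f.timestamp < out[f.group]:
            out[f.group] = f.timestamp
    return out


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.timestamp.isoformat()} {f.client} {f.qname} -> {f.indicator} "
              f"risk={f.risk} tier={risk_tier(f.risk)} group={f.group} ({f.note})")
    print("hosts per group:", clients_by_group(scan_log(SAMPLE_LOG)))
    print("earliest contact:", earliest_contact_by_group(scan_log(SAMPLE_LOG)))
```

The fourth log line is the case the text singles out: `login.example.org` is not in the feed, but its answer is an address already attributed to group-A, so the query is surfaced at the IP indicator's risk level rather than missed. The same feed run over older logs (the retrospective function) is how an earlier, unnoticed first contact is found.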