There are a number of use cases that a mature cyber threat intelligence program is typically able to support with an organization — some examples being security validation and strategy, network defense, incident response, vulnerability management, and insider threat. I wanted to introduce you to a relatively new use case: using cyber threat intelligence to validate your security controls.
Why does security validation matter?
The need to validate your security controls is similar to the need for the testing of any developed software—not 100% necessary, but you live dangerously if you don’t do it. Validating the security controls you’ve deployed will enable you to identify misconfigurations and optimize your security stack to reach a higher level of assurance.
Why use cyber threat intelligence to validate your security controls?
By nature, cyber threat intelligence is focused on threats to your organization, organizations in your sector, as well as critical 3rd parties that your organization relies on. By using intelligence to validate your controls you are ensuring that the tactics, techniques, and procedures (TTPs) of threat actors that could do damage to your organization are unable to do so.
How do you use cyber threat intelligence to validate your security controls?
In order to do this you first need consistent, up to date, and structured TTP information on threat actors relevant to your organization. This information should be able to be replayed or replicated in an ongoing and automated way without touching any malicious infrastructure directly. Ultimately, we should be running neutered malicious traffic in a controlled environment that doesn’t compromise your organization or touch the threat actor’s infrastructure.
Ongoing validation of your security controls with up-to-date TTP information used by cyber threat actors of direct relevance to your organization will enable your team to identify gaps in your security controls before incidents occur, therefore improving your existing controls and reducing the cost of incidence response.
Verodin and Intel 471
Verodin and Intel 471 have a joint offering that enables organizations to use Intel 471 intelligence to power the Verodin Security Instrumentation Platform, providing organizations with assurance that they are protected from the latest threats.