
IntSights' Blog

Upgrade Your Threat Intelligence Program Part 3: Leverage Automation & Integrations

by Nathan Teplow / September 24, 2018

To continue our blog series on how to upgrade your threat intelligence program, we turn to part 3: leverage automation and integrations. The longer a threat goes unmitigated, the bigger the risk it poses. That’s why automation is key to an effective threat intelligence program. Using integrations and automated remediation can significantly reduce your time to mitigate threats, making your team more efficient and lowering your overall cyber risk.

Here is how organizations can leverage automation and integration to increase the overall efficiency of their threat intelligence program.

 

Operationalizing Your Threat Intelligence

Operationalizing your threat intelligence is a key part of a mature threat intelligence program. You may find some great solutions or services that provide you with a lot of information, some of it better than others, but you still need to have people available to take action on it. Here are some common examples of threat mitigation you can automate through integrations and policies.

Phishing Domains

Phishing is one of the most common tactics used by hackers. You may get an alert about a phishing domain or website that you want to block in your mail gateway, firewall or proxy. Having this intelligence fed directly into your security devices to automatically block that threat (instead of relying on manual blocking) will significantly reduce the incident response time. It also reduces the labor needed to manage this intelligence, and labor is already a scarce resource for threat intelligence teams, so any time savings you can achieve are incredibly helpful.

Threat Takedown

Another example is taking down threats on other web properties, like social media or application stores. Let's say you identify a suspicious social media page leading to a phishing site. You'll want to engage with that social media platform to initiate a takedown of that page. This process often involves your legal department or an external law firm, which can significantly extend the time it takes to remove the page. Leveraging automation and takedown partnerships can help reduce the time and effort needed to remove external threats. 

Compromised Email Credentials

There are tons of credentials that are compromised every day through a variety of channels around the globe. The bigger your organization, the more credentials you have. Many employees use their work emails to sign up for various services and logins, which can complicate the identification and mitigation process. It's one thing to identify if an email address has been leaked, but you also need to know if that account is still on your network so you can determine the impact to your organization.

Integrating this intelligence with your Active Directory helps you automatically identify compromised credentials that pose a direct threat to your organization. Furthermore, if they are an active employee, you can automatically configure certain mitigation actions, like password resets, account locking or forcing a password change on the next login. 
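The triage step described above, sketched in Python as an added example (not IntSights code and not part of the original post): leaked addresses are matched against a directory export and each one gets a mitigation decision. The record fields, the sample data, the example.com domain and the rule that a password set after the leak date needs no forced change are assumptions made for the illustration.

```python
from datetime import date

ACCOUNTDISABLE = 0x0002  # userAccountControl bit set on disabled AD accounts

# Constructed directory export (assumed fields: mail, uac, pwd_last_set).
DIRECTORY = [
    {"mail": "a.ruiz@example.com", "uac": 0x200, "pwd_last_set": "2018-03-01"},
    {"mail": "b.chen@example.com", "uac": 0x200, "pwd_last_set": "2018-09-10"},
    {"mail": "c.okoro@example.com", "uac": 0x202, "pwd_last_set": "2017-11-20"},
]
# Constructed leak feed (assumed fields: email, seen = date the leak was observed).
LEAKS = [
    {"email": "A.Ruiz@Example.com ", "seen": "2018-08-15"},
    {"email": "b.chen@example.com", "seen": "2018-08-15"},
    {"email": "c.okoro@example.com", "seen": "2018-08-15"},
    {"email": "d.former@example.com", "seen": "2018-08-15"},
    {"email": "someone@other.example", "seen": "2018-08-15"},
]

def triage(leaks, directory, domain="example.com"):
    """Map each leaked corporate address to a mitigation decision."""
    by_mail = {u["mail"].strip().lower(): u for u in directory}
    decisions = {}
    for leak in leaks:
        email = leak["email"].strip().lower()
        if not email.endswith("@" + domain):
            continue  # not a corporate address, out of scope
        user = by_mail.get(email)
        if user is None:
            decisions[email] = "no_account"            # never existed or removed
        elif user["uac"] & ACCOUNTDISABLE:
            decisions[email] = "account_disabled"      # no live logon to protect
        elif date.fromisoformat(user["pwd_last_set"]) > date.fromisoformat(leak["seen"]):
            decisions[email] = "already_rotated"       # password changed after leak
        else:
            decisions[email] = "force_change_at_next_logon"
    return decisions

if __name__ == "__main__":
    for email, decision in triage(LEAKS, DIRECTORY).items():
        print(f"{email:28} {decision}")
```

Only the last decision would trigger one of the mitigation actions listed above; the others are recorded so an analyst can see why no action was taken.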

Operationalizing your threat intelligence enables you to take action quickly without your team spending cycles on repetitive tasks. Instead, they can focus on strategy and more proactive threat hunting.

Stay tuned for Part 4 coming next week. If you'd like to catch up on our previous posts in this series, you can do so here:

Nathan Teplow

Nathan is a Senior Product Marketing Manager at IntSights, responsible for the company's positioning, messaging and content strategy. He has worked in IT and cybersecurity marketing for over 5 years, holding a number of different roles across product marketing, marketing programs and content marketing. In his free time, he enjoys staying active, being outdoors and following any and all Boston sports teams.