What Does Effective Cyber Threat Intelligence Look Like? Experts Weigh In

Fill in the gaps reactive cybersecurity measures leave behind.

With storied careers overseeing cybersecurity operations in high-stakes sectors like banking, government, and the military, Origina’s Ben Lipczynski and SecAlliance’s Mick Reynolds have unparalleled knowledge of what makes a business truly secure. If you listen to the two experts talk shop, one fact quickly becomes clear: The need for proactive software security, enhanced by effective cyber threat intelligence, is non-negotiable.

Reynolds, SecAlliance’s Director of Intelligence, and Lipczynski, Origina’s Director of Security Services, took the stage at Empower 2024: Shatter the Status Quo to discuss effective cyber threat intelligence and ways companies can evolve beyond purely reactive cybersecurity measures like software patching.

Here are a few questions all businesses should consider as they expand their security risk management systems.

1. What is Cyber Threat Intelligence?

At a high level, cyber threat intelligence is defined as the collection and analysis of information about potential or current attacks that threaten an organization. Unlike reactive cybersecurity measures, which apply the brunt of the action once an attack or breach has occurred, effective cyber threat intelligence helps businesses anticipate potential attacks and mitigates risks before they turn into more serious problems.

This intelligence-led approach allows businesses to stay one step ahead of cybercriminals by understanding their tactics, techniques, and procedures, and improves business decision-making by leveraging real-time data.

2. Why Do Experts Say Patching Alone Isn’t Enough?

Waiting for a software OEM to respond to new threat, develop a solution, and roll it out to customers can introduce contextual and timing-based risks that are often avoidable with a context-guided approach.

“There are plenty of stories out there of companies that are on the latest version, as these patch fixes come out…but they’re still compromised, still being attacked,” Lipczynski says.

3. How Does Security Scanning Software Play Into Your Framework?

Lipczynski offers a similar take on the widespread practice of security vulnerability scanning.

“Yes, you can run automated scanners, but they make a lot of assumptions about the way you’re utilizing your software,” he says. “What the industry is trying to do as a whole is mature and say, ‘yes, vulnerability management has a place, but it has to go further.’”

A framework built with strong cyber threat intelligence in mind might take the results of a security scan into consideration. But companies should not interpret their pass-fail results as unimpeachable proof that their technology estate is secure or even that a given vulnerability truly exists in the environment. Corporate IT estates are too complex and individualized to assume the scanners can detect every potential vulnerability.

4. How Does Cyber Threat Intelligence Lend to Better Decision-Making?

Implemented properly, frameworks backed by cyber threat intelligence promote better collaboration and information sharing between cybersecurity and IT operations teams. Increased communication builds more comprehensive software estate security and enables quicker responses when issues occur.

Likewise, contextual understanding helps companies make better decisions. Understanding a given system’s configuration can help companies quickly react to emerging cyber threats instead of waiting for a patch to release. Reynolds says stakeholders have increasingly embraced cyber threat intelligence frameworks because the security world is more aware of the need for contextual defense.

“It’s getting organizations to look a lot more closely at what’s critical for them and the way they function,” he says. “These frameworks are allowing companies to understand their own architecture, the way they’ve got their interdependencies connected. They can get a really good, accurate understanding of how resilient they are.”

5. Are Cybersecurity Misconceptions Holding Your Security Back?

There are multiple ways to secure software, and context informs which is best for the circumstances. Even so, practices like patching and security scanning sometimes receive an inherent preference – a misconception that can lead to a weakened security posture.

Practices that get results tend to stick around in business, and Lipczynski says gaining familiarity with so-called alternative (non-reactive) security practices is often all it takes for a company to understand their benefits.

“Once that process has been embedded and utilized, I find that fear of changing models reduces,” he says. “It just becomes business as usual.”

Stronger Cybersecurity Is Just the Start

More effective, contextually aware cybersecurity is a strong enough motivator on its own, but businesses that build cyber threat intelligence into their frameworks with the help of an independent software maintenance partner receive additional benefits. Lipczynski says these can include:

• Better agility with fewer potentially meaningless restraints, such as contextually blind scanner findings, standing in the way of progress.
• Longer software lifespans, since companies no longer feel the need to upgrade versions just to keep receiving security patches.
• Greater roadmap control and the ability to change as dictated by your own market, not the demands of your software vendor.

Problems almost never occur in a vacuum in highly complex enterprise technology environments, and the issues attacks and breaches cause almost always extend beyond the systems they touch. By embracing frameworks enhanced with cyber threat intelligence, businesses don’t just give themselves a better chance to react; they reduce the incidence of problems that need a significant reaction to begin with.

Expert software security, licensing, and maintenance advice. Watch Empower 2024 — Shatter the Status Quo today.