Making the Most of Your Threat Intelligence Data

This interview is an excerpt from GovLoop’s recent research guide, The Current State of Government’s Cybersecurity.

Right now, determining best practices for harnessing threat intelligence data is a popular topic for government and cybersecurity. But what’s often left out of the discussion is the importance of interoperability and automation along with the ability to share actionable intelligence across a cyber-defensive grid. As a result, government has yet to really tackle cyberthreats in real-time.

Intelligence data is only half the equation in addressing malware and cyberthreats. Most agencies rely on siloed security infrastructures where staff and products rarely communicate well with one another. Additionally, a shortage of trained security staff and a lack of automated processes result in inefficiencies and protection gaps.

In an interview with GovLoop, Ned Miller, Chief Public Sector Technology Strategist at Intel Security, a security solutions provider, shared the importance of interoperability paired with adaptive threat prevention and how Intel could help agencies move away from siloed security technologies and systems.

Adaptive Threat Prevention

Miller shared the essential elements of adaptive threat prevention: interoperability and automation. “Interoperability in this context is best described as the ability to improve effectiveness and efficacy,” Miller said. “The active sharing of data and processes makes it possible for every security control to leverage the strengths and experiences of the other security tools that are part of the overall security infrastructure.”

This approach replaces traditional, disconnected infrastructures and promotes collaboration to achieve a more sustainable strategy against complex threats. Additionally, automation helps agencies be more proactive in tackling cyberthreats. Rather than treating each malware interaction as a standalone event, adaptive threat prevention integrates processes and data through a more efficient messaging layer, which facilitates communication between distributed systems. This approach seamlessly connects end-to-end components through automation, allowing administrators to generate and consume as much actionable intelligence as possible from each process.

What’s clear is that keeping systems, people, and processes disconnected will only impede government’s ability to mitigate threats. Siloes keep agencies from being proactive and limit them to what Miller called “firefighting mode,” where they detect and react to the threat after the damage has already been done.

Interoperability and the shift to adaptive threat prevention enable agencies to better detect threats before they become serious problems. “Interoperability and integration improves effectiveness, period,” Miller said. “When agencies are kept in firefighting mode, they are pouring human resources into every breach.”

With adaptive threat prevention, agencies integrate their teams, tools, and processes to detect and address threats ahead of time and use their threat intelligence in more sustainable ways.

The DXL Platform

Tools like Intel Security’s Data Exchange Layer (DXL) allow agencies to apply these three action items and take advantage of real-time command and control options for otherwise inaccessible systems. DXL is the foundation for enabling the ideal adaptive security ecosystem. It’s a near real-time communications fabric that allows security components to share relevant data among endpoint, network, and other IP-enabled systems. Using tools like DXL, agencies can harness better automated response, reduced response time, and better containment of any threats.

“To accelerate the process and keep up with the enormous volume of sophisticated threats, security architectures must undergo a significant evolution and be able to start in real-time,” Miller said. “The goal of the DXL platform is to promote an open collaborative security platform that enables active command and control, assists with interoperability, and insures consistency as well as speed of outcome.”

With solutions like DXL, agencies can:

  • Create an integrated security ecosystem that works across vendors. The open platform connects security products and solutions from multiple vendors for bi-directional security information sharing.
  • Reduce costs and increase value. DXL unites disparate security technologies into a single coordinated system. By doing so, this drives costs lower, streamlines protection and response, and shifts valuable security team resources away from manual tasks and tactical fire drills.
  • Identify more threats faster. Security components connected through DXL instantly share contextual insights while delivering immediate threat protection.

It’s clear that adaptive threat prevention through actionable intelligence is the way to move forward in cybersecurity. The question is how agencies can take advantage of their actionable data and use it in the most efficient way possible. With tools like DXL, government can now harness interoperability and automation, stop being “firefighters,” and start being better public servants.

To learn more about the current state of government cybersecurity, be sure to check out our latest guide by clicking here.

Screen Shot 2016-08-17 at 12.48.12 PM

 

Leave a Comment

Leave a comment

Leave a Reply