The importance of threat intelligence for enterprise security

By Emad Fahmy, Systems Engineering Manager, Middle East, NETSCOUT

With cyberattacks increasing and breaches making headlines, IT security teams are faced with the reality that existing tools are simply no match for this growing threat. To make matters worse, as the risk rises, so does the cost of combatting the threats and the potential losses from compromised businesses.

According to a 2021 survey by PwC, cybersecurity is a growing concern for organizations, with approximately 43% of Middle East CEOs planning to increase investments in cybersecurity and data privacy by 10% or more over the next three years. Moreover, 41% of these leaders think that their organization should be doing more to measure cybersecurity. The ever-evolving threat environment has made it increasingly necessary to be vigilant.

A significant shortcoming of many of today’s cybersecurity tools is that the typical data sets feeding them are reactive, not granular, and do not extend to the earliest indications of a potential attack. This makes it difficult to identify threats early in the attack lifecycle. As a result, security professionals are not armed with the information to prevent infections from spreading, identify compromised assets, or stop future attacks.

How threat intelligence helps

Companies that do business on the internet or use network connections in any shape or form are vulnerable to cyberattacks. According to the 2H 2021 NETSCOUT Threat Intelligence Report, there were nearly 9.7 million distributed denial-of-service (DDoS) attacks in 2021.

However, while the threat landscape is often discussed in terms of attack numbers, experts in threat intelligence tend to think in terms of people: the adversaries behind the attacks.

When it comes to combatting distributed denial-of-service (DDoS) and ransomware attacks, threat intelligence is vital. Threat intelligence is the study of the bad actors who perpetrate these attacks, along with the tactics and tools they use. This involves uncovering the bad actors’ attack methodologies and why they are targeting their victims. This knowledge is then turned into actionable insight that enterprises can access and comprehend. Empowered with this knowledge, enterprises can learn about their network’s vulnerabilities to actively defend against threats.

That actionable insight is crucial for defending against DDoS attacks. There were more than 10 million DDoS attacks in 2020 alone, and that record-setting pace continued into 2021.

Defending against sophisticated attacks

One new form of attack that has recently been on the rise is DDoS extortion. In these cases, the attacker launches a demonstration attack against the victim and then follows up with an extortion demand. This demand typically states that the attacker has a lot more DDoS capacity and will direct that capacity at the victim if the extortion payment isn’t made.

Moreover, bad actors are using triple extortion tactics, combining data encryption, data exfiltration, and DDoS attacks to create a three-pronged attack that increases the likelihood of the victim complying with the ransom demand. 

In today’s increasingly fraught threat landscape, organizations must be prepared to defend themselves. This requires having a plan in place, successfully executing that plan, and regularly evaluating the plan’s effectiveness to strengthen it against subsequent attacks. The good news is, preparation pays off.

Ultimately, the fundamental aspect of DDoS defense is knowing the network. When it comes to defending an organization, much of the work comes down to knowing what its services look like and what they depend on, and then using practical solutions to fine-tune the correct level of defense. Threat intelligence is essentially a way of testing defensive protections so that enterprises can enhance them.