Drowning in False Positives?

Whenever I drop the phrase “Threat Intelligence” into conversation with cybersecurity leaders, I’m met with a sceptical raised eyebrow – or perhaps a rather more direct – and pithy – response.

According to securityweek.com, the average large enterprise gets nearly 17,000 cyber security alerts each week, investigates only 4% of these, and spends more than £800,000 annually responding to false positives – erroneous or inaccurate alerts.

People really don’t need more tools that generate generic alerts – we’re already overwhelmed by the amount of data we need to process & understand, and the vast majority of data turns out not to be relevant to your own company, brand, or infrastructure.

Another live feed of ‘bad IP addresses’ isn’t “Threat Intelligence” – it’s just more data. Instead, we should be focusing our limited resources on threats to our specific digital assets, customers, employees, and supply chains.

If I had to guess, I’d say 75% of the companies I talk to do not have any form of outward-looking capability which could help identify external threats to their organisation – so they have no hope of trying to prevent the damage they could cause.

Cyber reconnaissance techniques, combined with continuous monitoring, can uncover how malicious actors plan their attacks. It’s paramount to anticipate threats before they materialise. Bad actors can quickly and easily profile your organisation on the Dark Web, where billions of compromised login credentials are freely available if you know where to look. Your own organisation will feature there for sure.

That pretty dashboard showing you the latest IoT malware trending in Bulgaria may look great, but when was the last time it helped you do anything differently? In reality it’s just costing you time and money.

Instead, why not deploy an Advanced Threat Protection platform? Focused, multi-layered keyword lists limit threat notifications to your own brands, domains, assets and servers. That way, you can cut out the clutter and focus your efforts on investigating threats targeted at you – not the rest of the internet.

You might hear about the breaches that make the news, but your organisation might be on the way there as we speak. So why not take a more intelligent approach to threat management? Now that’s what I call “Threat Intelligence”...


Sam Hooke

Digital risk protection

Posted by Skurio Blogs and News

