Threat Intel is Dead, Long Live Network Monitoring

For years now, cyber threat intelligence has been accepted as one of the standard cybersecurity approaches. Today, however, the changing nature and exploding volume of cyber threats are challenging the ability of threat intelligence services to protect organizations effectively. Increasingly, organizations are turning to alternative strategies such as continuous network monitoring to address this new reality.

How Does Cyber Threat Intelligence Work?

Cyber threat intelligence collects, cross-references, and correlates information from multiple sources to identify cyberattack vectors.

The sources of intel are diverse. They can include the dark web, cyber threat intelligence tools such as open-source intelligence (OSINT) tooling, discussion forums, media, social networks, threat feeds (e.g., lists of known malicious IPs), and analysis results from intelligence services and MDR teams such as StreamScan.

For example, pharmaceutical companies working on a COVID-19 vaccine are being heavily targeted by cyber attacks. These attacks may come from competitors, organized crime, or even other countries wanting to access the research results of these pharmaceutical companies.

The ultimate goal of threat intelligence is to have enough information to make quick decisions about potential attacks to thwart them.

A Proven Approach Under Siege

Cyber threat intelligence is most effective when there’s little variation in the types of attacks organizations face, which was the case until around 2016.

Since then, we’ve been witnessing an explosion of cyber threats. Critical security vulnerabilities are being discovered weekly. And the appetite of hackers (individuals, organized crime, and even state actors) is growing exponentially.

COVID is Straining Security Systems

COVID-19 is making the situation even worse; the current massive expansion of telework has opened the door to traffic from unsecured employee devices. The mountains of data to be analyzed become a bottleneck, and companies lack qualified personnel to deal with the volume of traffic. In the end, cyber threat intelligence teams end up swamped, which increases security risk.

In today’s context, the threat intel approach is less and less effective, creating alert overload for security teams and opening the door to breaches.

The Answer: Network Monitoring

The most successful approach to today’s new fluid threat environment is network monitoring. This focuses on real-time surveillance of your network's security via tools capable of providing 360-degree network visibility (such as our StreamScan CDS technology). It is vital to select a solution that can monitor all machines connected to your network. Blind spots mean increased risk.

Whatever tool you use, the monitoring should be carried out by a team with proven experience in intrusion detection, prevention, and cyber-attack management. These experts will be able to spot relevant attack signals and suspicious behavior.

With the right team and technology, you’ll be protected, whether attacks target your Cloud, your internal network, or employees through phishing campaigns.

Find Out How Our Monitored Detection and Response (MDR) Service Can Protect Your Network

We’re convinced that after seeing our MDR solution (powered by our CDS network monitoring technology) in action, you won’t want to leave your network unprotected again. So we are offering a 30-day free trial that includes:

  • Fact-finding session
  • CDS configuration
  • 30-day free Proof of Concept
  • First month activity report and recommendations

Email: Freetrial@streamscan.ai
Phone: 1 877-208-9040