July 23, 2020 • The Recorded Future Team
State and local security analysts and their teams are drowning in threat data. Agency silos make it harder to exchange vital intelligence insights, resulting in dangerous time delays. On top of that, most analysts don’t have the time or resources required to manually investigate potential indicators of a cyberattack. This situation leaves government agencies open to risk — and it can even make them unaware that a breach has occurred.
Current events have intensified these challenges, while the shift to remote work has made it even harder to assess and analyze potential threats.
Allan Liska, an intelligence analyst at Recorded Future, recently joined a virtual roundtable on Government Technology alongside Deborah Snyder, senior fellow at the Center for Digital Government and former CISO for the state of New York. They explored state and local government’s top-of-mind cybersecurity challenges and how an intelligence-led approach to security enables agencies to contextualize potential threats, make confident decisions, and protect their critical assets.
Watch this rapid-fire discussion now for their thoughts on how to improve your team’s intelligence approach, and read on for some key takeaways from the conversation.
Ransomware Actors Are Evolving
The crisis environment has opened the door for new ransomware attacks as threat actors evolve their methods. Not only do they encrypt organizations’ files, they now steal them and threaten to expose them to the world. “These attacks are very scary for organizations, but they also present opportunities to detect and block exploit kits and their loaders before the damage is done,” said Allan.
To successfully carry out a double extortion attack, threat actors need to spend time — days or even weeks — inside the network to steal files and encrypt hundreds of machines. In doing so, they leave breadcrumbs behind.
“With the right security intelligence and trusted indicators in hand, defenders can go on their own ‘hunting missions,’ and respond quickly to stop attackers before they can steal files and encrypt data.”
Gain Insights to Prioritize Patching
Vulnerability management is hard. It’s a problem our industry has been grappling with for more than 20 years, and still hasn’t been solved. However, vulnerabilities are manageable when they’re intelligently prioritized.
“It starts with good asset management — what systems and tools you have. This helps you eliminate many of the vulnerabilities that simply do not pertain to your organization,” explained Allan.
Security intelligence empowers vulnerability management teams to understand both what the threat is, based on external data from an unrivaled range of sources, and what their own network looks like, through a contextualized internal view. “This enables them to tell a better, more comprehensive story about the threat to drive rapid patch prioritization decisions based on real risk, and redirect security analysis resources more efficiently.”
Contextualize Threats With Security Intelligence
Intelligence that’s sitting in your inbox while you are looking at your SIEM isn’t doing you any good. Anyone working in a SOC knows that at any given moment, you’re toggling between at least 40 open tabs. You need intelligence that’s useful, actionable, and integrated into the tools you’re already using.
Security intelligence and research enable fast triage and help you communicate and create metrics that align with bottom-line business objectives. Allan recalled, “I was recently talking to a customer who received an email from a member of his company’s board of directors, flagging a cyber threat he read about in the Wall Street Journal. He needed to respond quickly. Fortunately, thanks to real-time security intelligence from Recorded Future, he had already read up on the threat and had a response in hand for all of his questions!”
Watch the On-Demand Webinar
Recorded Future delivers the world’s most technically advanced security intelligence to disrupt adversaries, empower defenders, and protect organizations. Elite security intelligence makes government security teams and tools more effective — from security operations and response, to vulnerability management, to third-party risk management, and much more. To learn more, watch the webinar on-demand now.