August 19, 2020 • The Recorded Future Team
Servers present the biggest IT security risks in that they process and store every piece of information a business handles — ranging from critical business operations data to sensitive customer information, and from intellectual property to financial records. IT teams responsible for server security and the applications and databases that run on them must apply sophisticated methods that build security postures strong enough to stay ahead of the sophisticated methods applied by threat actors. Security intelligence empowers server security teams to take on this challenge.
It’s obvious why most companies prioritize the security postures of their servers over other components of their IT infrastructure. Servers contain most of the “bounty” that threat actors want to steal. That’s where all the key applications and databases run — successfully breaching a server turns an attacker into a kid in a candy store.
Because these systems are assumed to sit safely behind the company’s firewall, servers are in some cases left wide open to potentially monumental attacks. In November, CISOMAG ran a story on how security researchers discovered an open Elasticsearch server that contained unique data records of around 1.2 billion users. The server held more than four terabytes of data, without password protection or authentication.
This is certainly an unfortunate situation. However, for IT teams and business units that are responsible for server security — including the applications and databases running on these servers — a new suite of security intelligence solutions emerged this past year. The overarching philosophy behind these solutions has had a powerful impact on the security posture of server infrastructures. It’s a philosophy server security teams desperately need because servers play an essential role in keeping companies open for business.
Servers: The Lifeblood That Runs the Business
If an endpoint or network component is breached, contingency devices can be rolled out rather quickly, and users can be routed to different network paths. However, if a server is compromised, every user who relies on that server to do their job will be idle until the server can be recovered. If customers rely on that server to place orders, money stops coming in the door.
Recorded Future launched the six security intelligence solutions to drive improvement in your server security policies and controls — whether you are building from scratch or tuning things up as your business processes and supporting server environment expand. Security intelligence amplifies the effectiveness of server security teams by exposing unknown threats and providing information that enables security teams to make better decisions pertinent to the ever-changing environment in which they are working.
By producing a common understanding of external and internal threats, as well as threats related to third-party ecosystems, security intelligence can enable your server team to accelerate risk reduction across your entire organization and support your third-party vendor ecosystem.
The 6 Security Intelligence Solutions
The security intelligence philosophy encompasses six solutions that guide server security teams in building a comprehensive security strategy:
- Brand Protection: Fake accounts, apps, and websites are often designed to profit from maliciously redirected or accidental traffic. These can all result in major damage to a company’s reputation. The security intelligence brand protection solution empowers IT teams to protect their most valuable asset — the company brand — with real-time alerts based on aggregated data from domain registration sites, social media profiles, web pages containing malicious content, and other sources. This makes it easy to find and take down typosquat domains, leaked credentials, bank identification numbers, fake social media accounts, code leaks, and the company’s brand appearing in dark web markets.
- Third-Party Risk Management: Digital connections with suppliers, partners, contractors, agents, temporary workers, and others are now so critical that companies typically share confidential and sensitive information with hundreds of third parties. The company is only as secure as its weakest link; it’s estimated that more than half of all businesses have suffered data breaches through vulnerable third parties. Contextualized third-party risk management helps IT teams make informed decisions and reduce overall risk with real-time security intelligence about the companies in the company’s ecosystem.
- Security Operations and Response: Security operations and incident response are built on the premise of efficiently identifying relevant, previously unknown threats and responding quickly. This enables IT teams to make faster, more confident decisions based on external threat indicators — automatically correlated with internal threat data in real time, and at scale across vast amounts of data and without any manual research.
- Threat Intelligence: Threat intelligence combines knowledge, data, and context to allow security teams to prevent or mitigate cyberattacks, and it’s a vital component of a proactive security intelligence strategy. Machine learning and automation make it possible to aggregate data in real time from open, closed, and technical sources. The two technologies then provide searchable context on who is attacking, their motivations and capabilities, and the indicators of compromise to look for in systems — so IT can make informed and timely decisions.
- Vulnerability Management: Vulnerabilities put the business at risk of attack, and with thousands of critical new vulnerabilities emerging each year, it’s impossible to patch everything, everywhere. Vulnerability management scores risks based on real-time exploitation trends to give IT teams the context they need to make faster, more confident decisions when prioritizing patches and preventing attacks.
- Geopolitical Risk: To defend against and respond to attacks on executives and physical entities, security teams need timely and contextual intelligence. The geopolitical risk solution accelerates critical decision-making with contextual OSINT data on geopolitical threats and trends. This makes it possible to protect people and assets, and to understand shifting dynamics in the geographic areas that matter to the company.
By leveraging these six security intelligence solutions, server security teams can improve their risk and threat analysis as well as their vulnerability management, fraud prevention, and incident response capabilities.
Applying Security Intelligence to Server Policies and Controls
Security intelligence can be applied to specific aspects of an organization’s server security strategy. For example, if an attacker accesses a server in your datacenter containing sensitive information, they could steal customer information or intellectual property and threaten your brand reputation. But with proper intelligence, the server security team can isolate or shut down the affected applications and databases before the breach is exploited and until the threat of data loss or damage is eliminated.
Third-party risk management also comes into play, especially in today’s digitally interconnected world. Just about every business is connected in some way to a unique supply chain that might consist of hundreds of third-party entities. Each of those third parties is, in turn, part of its own supply chain. Any server with a weak security posture among your supply chain partners and their partners could eventually lead a threat actor to one of your servers, your databases, and your data.
Security intelligence creates an awareness of the security postures of your own servers and the servers of your vendors and business partners. This is key because experts estimate more than half of all organizations have suffered data breaches through vulnerable third parties. By leveraging third-party risk management and combining it with real-time intelligence, server security teams can protect their data and the brand of their companies with the ability to make informed decisions about overall security risks.
Defend Your Competitive Advantage
The evolution of next-generation digital transformation will generate a multitude of new security vulnerabilities driven by the digital transformation of unique and customized business services. With cyberattacks on servers coming from the open and dark web, third-party partners, customer ecosystems, and even internal threats, a sophisticated security intelligence approach is required to improve security postures and cyber resilience for the systems that matter most to your business.
Proactive security planning that leverages security intelligence minimizes the impact of cyber threats. By addressing cybersecurity across your entire organization, your server security team can enable your company to defend your competitive advantage — by better protecting your proprietary technology, intellectual property, and your supply chain.
Start making your move toward security intelligence today — download the second edition of “The Threat Intelligence Handbook” and find out how the six core solutions of the security intelligence philosophy can provide a comprehensive approach to your server threat-mitigation strategy.