Secure user environment
How to get information about current cyber threats?
With the Russian invasion of Ukraine, the number of cyber attacks on organizations managing critical infrastructure in Poland has increased significantly. A successful attempt to breach systems can lead to losses that are impossible to mitigate in the short term. How and where to get information about current cyber threats in order to secure the organization in case they occur?
Specific types of cyber attacks usually target specific IT systems operating in a particular industry. There is a high probability that if, for example, a health care facility has encountered a certain type of attack, another may also be exposed to it. Moreover, the systems it uses may contain vulnerabilities that will sooner or later attract an attacker.
Information on current cyber threats can be obtained from Threat Intelligence systems. They work by monitoring sources and continuously tracking and analyzing current cyber threats. They also allow the collected data to be exported for further processing, so it can be imported into a company's existing cyber security infrastructure.
Threat information from Threat Intelligence systems feeds into SIEM and SOAR-type platforms, where rules created within these platforms use the transferred data to automate remediation activities. Automation minimizes the input needed from the security team when an attack attempt actually occurs. One Threat Intelligence solution that works as described is MISP Threat Sharing.
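The export-and-import flow described above, as an added example that is not part of the original article or MISP's own code: it reads an event in the MISP JSON export layout, keeps only attributes flagged `to_ids`, and matches them against log records. The event, the log records, the log field names and the functions `build_watchlist` and `match_log` are constructed for illustration.

```python
import json

# Constructed sample shaped like a MISP event JSON export (documentation-range values).
MISP_EXPORT = json.dumps({"Event": {"info": "Constructed sample: health care phishing",
    "Attribute": [
        {"type": "ip-dst", "value": "203.0.113.45", "to_ids": True},
        {"type": "domain", "value": "portal-login.example", "to_ids": True},
        {"type": "ip-dst", "value": "198.51.100.7", "to_ids": False},  # context only
        {"type": "domain|ip", "value": "cdn.bad.example|203.0.113.99", "to_ids": True},
    ],
    "Object": [{"name": "file", "Attribute": [
        {"type": "sha256", "value": "a" * 64, "to_ids": True}]}],
}})

# MISP attribute type -> log field it is compared against (field names are assumptions).
FIELD_FOR_TYPE = {"ip-dst": "dst_ip", "ip-src": "src_ip", "ip": "dst_ip",
                  "domain": "host", "hostname": "host", "sha256": "file_sha256"}

def build_watchlist(misp_json):
    """Return {log_field: {indicator: event_info}} for attributes flagged to_ids."""
    event = json.loads(misp_json)["Event"]
    attrs = event.get("Attribute", []) + [   # include attributes nested in objects
        a for obj in event.get("Object", []) for a in obj.get("Attribute", [])]
    watchlist = {}
    for attr in attrs:
        if not attr.get("to_ids"):           # skip context-only attributes
            continue
        # Composite types such as "domain|ip" carry one value per part.
        for kind, value in zip(attr["type"].split("|"), attr["value"].split("|")):
            field = FIELD_FOR_TYPE.get(kind)
            if field:
                watchlist.setdefault(field, {})[value.lower()] = event["info"]
    return watchlist

def match_log(record, watchlist):
    """Return (field, value, event_info) hits for one parsed log record."""
    hits = []
    for field, indicators in watchlist.items():
        value = str(record.get(field, "")).lower()
        if value in indicators:
            hits.append((field, value, indicators[value]))
    return hits

# Constructed proxy log records.
LOGS = [{"src_ip": "10.0.0.12", "dst_ip": "203.0.113.45", "host": "portal-login.example"},
        {"src_ip": "10.0.0.13", "dst_ip": "198.51.100.7", "host": "intranet.example"},
        {"src_ip": "10.0.0.14", "dst_ip": "203.0.113.99", "host": "cdn.bad.example"}]

if __name__ == "__main__":
    print([match_log(r, build_watchlist(MISP_EXPORT)) for r in LOGS])
```

Filtering on `to_ids` keeps context-only attributes out of detection rules, which is why the second log record produces no alert even though its destination address appears in the event.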
Searching for information on how security teams in organizations similar to ours deal with specific threats, and being able to share lessons learned with other companies in the industry, allows us not only to gain comprehensive knowledge about current cyber threats, but also to learn how to protect ourselves from them.