Insight by Anomali

Strategic threat intelligence in government

Today’s federal information technology leader is bombarded by malicious actors. Systems are attacked at an unimaginable frequency, with estimates reaching up to 40 million attacks per day.

For large Security Operations Centers (SOCs), estimates indicate hundreds of millions of events per day. Dozens of security solutions are assembled to provide constant response to these attacks, resulting in errors due to human fatigue. A recent study by Cisco indicates that security teams ignore 50 percent of the reports they see daily.

Federal agencies have a limited amount of time and money to understand these attacks. One systematic approach is to develop an intelligence system that can analyze and classify threats so that resources can be deployed for a timely response. But while such an approach has seen success, federal agencies still face the challenge of taking those concepts and working with strategic concerns.

Anomali provides a framework for building the understanding that high-level leaders need to make specific decisions. The framework starts from knowledge of the threat landscape and supports a collaborative effort to produce risk scores and possible outcomes for a given attack.

On December 10, 2018, the Office of Management and Budget released a memo titled “Strengthening the Cybersecurity of Federal Agencies by enhancing the High Value Asset Program.” Rather than reacting to mounting threats until resources are exhausted, federal high value assets can be protected more effectively by embracing a more structured and predictive method of analyzing attackers. Strategic risk intelligence has been documented to allow organizations to respond faster and increase staff productivity.

The MITRE ATT&CK Framework

So on both ends of the spectrum, we're facilitating the production and the collection of that data. But we're also enabling the integration of that data to make it useful on your network as well.

Cyber Threat Intelligence

From an organization's perspective, threat intelligence is much more temporal in nature. It changes very quickly […] it's really important that our devices and our security controls have the ability to meet that level of change within the adversary as well.

Collaboration and Security

Otherwise, just knowing it's a high value asset is that first base level step. We need to take it further by enabling advanced detection and prevention on that.

 


Copyright © 2019 Federal News Network. All rights reserved.