Recently, IBM Security and Ponemon Institute published The Third Annual Study on the Cyber Resilient Organization. The theme of cyber resilience has gained momentum over the last few years as organizations realize that cyber risk is not an IT risk but a broader business risk. The report defines cyber resilience as “the alignment of prevention, detection, and response capabilities to manage, mitigate, and move on from cyber attacks.”
The key conclusion from the report is that organizations continue to struggle with responding to cyber incidents due to a lack of formal incident response plans and lack of budget.
Here are a few interesting data points from the report:
- 57% of respondents said the time to resolve an incident has increased
- 65% reported the severity of attacks has increased
- Insufficient skilled personnel dedicated to cybersecurity was the second biggest barrier to cyber resilience (lack of investment in artificial intelligence and machine learning was the first)
Aside from more people and budget, the study highlighted how threat intelligence is key to improving cyber resilience.
Threat Intelligence & Cyber Resilience
The study highlights that sharing threat intelligence is a key initiative to improving cyber resilience and a key attribute of highly cyber resilient organizations. The good news is 53% of respondents participate in a program for information sharing with industry and government. The bad news is that means 47% don’t. This is despite 77% of respondents indicating sharing threat intelligence improved their security posture and 72% indicating it improved the effectiveness of their incident response plan.
Why aren’t organizations sharing? Lack of resources and no perceived benefits were the biggest reasons, followed by cost. We believe the lack of perceived benefits of threat intelligence use and sharing is becoming less of an issue over time. However, lack of resources and costs are more structural barriers.
The good news is that Threat Intelligence Gateway (TIG) technology like our PoliWall TIG™ solution can enable organizations of any size to leverage the power of threat intelligence to become more cyber resilient. Importantly, PoliWall TIG is both cost-effective and easy to deploy and manage, addressing critical barriers to the use of threat intelligence and information sharing.
What is a TIG?
Gartner, in its report “Emerging Technology Analysis: Threat Intelligence Gateways,” defines TIGs as “stand-alone network detection and threat mitigation appliances that leverage large numbers of threat intelligence for detection and blocking purposes ‘on-box’ at wire speed.” [1]
The logical next question is “Isn’t that what my next-generation firewall or my intrusion prevention system (IPS) does?”
The answer to that is a small yes and a big NO. Firewalls and IPSs can only use a small subset of threat intelligence indicators because they weren’t built to handle the massive volume that exists today. For example, at any one time, there are over 10M known threats. However, the best firewalls can only use a few hundred thousand indicators before significant performance issues kick in. TIGs eliminate this issue, complementing and improving the performance of firewalls.
How a PoliWall TIG Can Help with Cyber Resilience
TIGs like our PoliWall solution can help organizations with improving cyber resilience in multiple ways:
- Use Threat Intelligence to Improve Prevention and Detection: PoliWall TIG comes out-of-the-box with millions of threat indicators from commercial, open source, industry, and government feeds. PoliWall is open and can easily be integrated with third-party threat feeds. In fact, PoliWall TIG can consume over 100M unique indicators. With PoliWall TIG, organizations can leverage threat intelligence to improve prevention and detection efforts.
- Automate Intelligence Sharing and Use: The open nature of PoliWall TIG, including support for STIX and TAXII, makes it possible not only to share threat intelligence but also to use it to improve your security posture. For example, we have many financial services customers that integrate the Financial Services Information Sharing and Analysis Center (FS-ISAC) threat feed into PoliWall. In PoliWall, the FS-ISAC threat feed is automatically updated, enabling information sharing and higher cyber resilience. This is an excellent example of operationalizing threat intelligence.
- Contain Cyber Incidents: While organizations do their best to prevent cyber incidents, the fact is incidents happen. A key aspect of cyber resilience is the ability to minimize business disruption and to be able to quickly bounce back from incidents. From this perspective, organizations can leverage the enforcement capabilities of PoliWall TIG to contain an incident, minimizing the potential for additional business disruption.
Threat Intelligence Gateways like our PoliWall TIG can help organizations of all sizes become more cyber resilient. We have over 100 customers using PoliWall, and they’re seeing multiple benefits, including a significant reduction in attack surface and reduced staff overload due to fewer alerts, events, and manual log analysis. They’re also getting more out of existing investments, including firewalls and threat intelligence investments.
[1] Gartner, “Emerging Technology Analysis: Threat Intelligence Gateways,” Lawrence Pingree, Ruggero Contu, 2 November 2017.