Threat information without context is useless

November 5, 2015

Fred Donovan

In honor of October's designation as National Cybersecurity Awareness Month, the U.S. Small Business Administration (SBA) has unveiled a new Web page dedicated to promoting cybersecurity for small businesses. - See more at: http://www.businessnewsdaily.com/8491-sba-unveils-small-business-cybersecurity-tools.html#sthash.HVndjn45.dpuf

On Wednesday, I attended an interesting panel on operationalizing threat intelligence at the Advanced Cyber Security Center conference held in Boston every year.

On the panel were Bruce Bakis, principal cybersecurity engineer with non-profit research organization MITRE; Christopher Harrington, senior consulting security engineer with EMC's Critical Incident Response Center; John Toomer, director of the intelligence, information and cyber systems defense at Boeing Government Operations' Space Security Group; and Peter Kurek, information assurance manager and assistant team chief for the Computer Network Defense Team at the Massachusetts Army National Guard.

Bakis defined threat intelligence as: "information about the threat and defenses that are in context." He stressed that threat intelligence out of context is not "actionable."

Harrington agreed that to make threat intelligence usable by IT security pros, it needs to be put in context. "We get information from all over the place: IP addresses, email addresses, URLs of malicious websites. Without some context as far as why they are malicious, we don't consider that threat intelligence. It is information that could lead to an intelligence product."

From Boeing's perspective, Toomer noted that the company is a generator of intellectual property, which is the primary target of attackers. "We take an approach that is holistic. We look carefully at tradecraft [intelligence techniques], our internal enterprise hunters look at how we are being attacked, where they are attacking us and attack vectors," he said.

Read Full Article

SBA Unveils Small Business Cybersecurity Tools
Credit: Mark Van Scyoc

In honor of October's designation as National Cybersecurity Awareness Month, the U.S. Small Business Administration (SBA) has unveiled a new Web page dedicated to promoting cybersecurity for small businesses.

In the wake of high-profile data breaches, many businesses are eager to implement a more robust cybersecurity strategy. The SBA's cybersecurity page, launched earlier this month during the "Cybersecurity at Work" week, offers advice and tools for small business owners who are seeking to better protect both their own data and their customers' data. In 2013, 44 percent of the 800 small business owners surveyed reported having experienced a cyberattack that resulted in an average cost of nearly $9,000, according to a report by the National Small Business Association.

"Cybersecurity is one of our nation's most pressing national security priorities, and America's 28 million small businesses, which create two out of every three new jobs in the U.S., are especially at risk," SBA Administrator Maria Contreras-Sweet said in a statement announcing the Web page. "Small employers are quickly becoming a larger target for criminals looking to access sensitive data because small businesses typically have limited resources for information systems security. In an effort to combat cyberattacks against small businesses, the SBA's online tools will help employers identify information security vulnerabilities that put their companies at risk."

- See more at: http://www.businessnewsdaily.com/8491-sba-unveils-small-business-cybersecurity-tools.html#sthash.HVndjn45.dpuf
In honor of October's designation as National Cybersecurity Awareness Month, the U.S. Small Business Administration (SBA) has unveiled a new Web page dedicated to promoting cybersecurity for small businesses. - See more at: http://www.businessnewsdaily.com/8491-sba-unveils-small-business-cybersecurity-tools.html#sthash.HVndjn45.dpuf