Illumination is a full-loop process. Positive and negative currents lead from the energy source to the light bulb and voila . . . let there be light!
But are you in the dark about how to stop #cyberattacks? Check your wiring. In #cybersecurity, one of your most important energy sources is the #intelligence analysis cell. To leverage the power of the cell, you must loop both the positive and negative analyses back to the #SOC and network architects to drive continuous improvement of your defense, protect assets, and shine the light on your weak points.
An intelligence analysis cell (IAC) is critical to a mature cyber program. The Intelligence Analysts (IAs) keep their fingers on the pulse of the threat landscape. The IAC gathers intelligence—both internally and externally. Internally, the IAC analyzes the daily #attacks on your network and products. The IAC leverages these artifacts for better intelligence through reverse engineering, pursuit of subsequent-stage #malware, and queries of open sources, paid subscription services, and external partners, all of which can enhance intelligence.
All of this intelligence must be analyzed within the context of a framework such as the “Cyber Kill Chain” developed by Lockheed Martin. This framework sets forth the stages of behaviors which must be executed to successfully penetrate a network. Intelligence Analysts deconstruct every attack to reveal the detailed techniques used by the attackers. This information is then fed back to the #detection team, #network architects, and #software designers to ensure any behavior repeated in any stage of an attack is either stopped or can be detected.
So, it’s great that you now have your intelligence parsed and analyzed. But how do you build it into the broader, industry-wide feedback loop to ensure your supply chain and business partners remain illuminated? Industry partners compete on many levels but they must share security information and keep their customers confident in the #resiliency of the industry. Sharing intelligence creates opportunities to further enhance your intelligence as well as cut risk in your industry. Sharing raises awareness in your supply chain. This is the role the Aviation ISAC plays in the global #aviation ecosystem.
The feedback loop is a circle that should never be broken. Network architects, detection teams, software engineers, and intelligence analysts must meet routinely. They must be invested in the good work of each other’s teams to maintain a healthy line of communication. Ideas for continuous improvement will be illuminated from the positive and negative feedback which comes from the hard work of analyzing the threat landscape and the artifacts of attacks on your company and your industry.
Is the energy flowing in your IT risk organization? How often are your IAC, detection teams, network architects, and software engineers meeting? Illuminate!