A couple of weeks ago, I published an article in Security Week called “What Will Your Opponent Think Tomorrow.”The article is about being proactive and not reactive in security, and taking the time to really “understand what your opponent will think tomorrow, not find out what he thought yesterday.”
One of the other more critical ways is to really understand what our opponents will think tomorrow is via threat intelligence. Dark Reading recently published an extremely interesting threat intelligence article called “How To Use Threat Intelligence Intelligently”. The threat intelligence problem is an acute one for the industry because if we can share and pool our knowledge about attacks and attackers, then we can be more efficient and proactive about addressing them.
But, the article highlights the current limitations of consuming threat intelligence today, which is how to operationalize it. Threat intelligence can include a number of rich context—from motivation and intent of adversaries, their campaigns and technical indicators, the malware used, and the vulnerabilities being exploited. Without having a team of really smart analysts analyzing threat intelligence feeds, how can you really make the best decisions about what you’re seeing?
We’re excited today to announce our latest innovation in addressing these issues. Today, we announce the ability to consume threat intelligence information and transform them into breach methods. This enables the average organization to understand how applicable indicators of compromise would play out in their environment in a practical, actionable and proactive manner.
Let’s frame this in the context of an analogy - If there is a series of house burglaries in your neighborhood, threat intelligence is the modus operandi (MO) for the burglars. Threat intelligence tells you the burglars are breaking into the house via a back door window, while the owners are away for the weekend. Breach simulations is the validation to see if you are vulnerable to this specific attack, using the same techniques that the attackers are using.
Our initial integration is with FireEye iSight Intelligence, a very powerful threat intelligence feed, particularly combined with the Mandiant real-world investigative data. All you need is the FireEye iSight APIs that you input into our platform, that automatically transforms them into breach methods. Breach methods powered by FireEye iSight threat intelligence feeds are designated in its own section on the SafeBreach dashboard, and clicking on the breach methods references the specific threat intelligence reports that are being simulated.
The SafeBreach ability to weaponize threat intelligence and truly understand the activities that represent specific priority threats allows security analysts to dramatically improve their ability to anticipate future attacks, challenge their security defenses and train their security operations center (SOC) teams.
Our threat Intelligence integration offers a number of important benefits, including:
We are so excited about this integration for FireEye and SafeBreach customers, and we hope you are as well.