Digital threats pose a big challenge for organizations today, and cybercrime groups are only getting better at achieving their goals: In 2016, nearly one billion personal records and over one billion credentials were stolen, according to an FBI report. Such information is then often sold on the dark web.
But despite these figures serving as a warning for organizations, external notification remains the number one method of breach discovery, the 2017 Verizon Data Breach Investigation Report found.
“That is pretty traumatic, that the best way we can find out that we are on fire is for somebody else to tell us that we are smoking,” said David Monahan, research director at IT analyst firm Enterprise Management Associates.
This is why investing in digital threat intelligence management (DTIM) platforms can come in handy, Monahan said at a recent webinar. Monahan defined DTIM platforms as those that aid organizations with external threat identification and risk management by locating, gathering and assimilating threat intelligence from a variety of sources, and not just a data feed.
The goal of a DTIM platform is to detect threats quickly so that organizations are not waiting weeks or months to find out a breach occurred, he said. DTIM platforms help organizations discover a breach within 24 hours, which is a critical period for response purposes, he said.
“The DTIM solutions that are out there are searching and looking for your information to help you identify them on the web, and find 75% of the breaches out there,” he said. “We don’t want someone else to tell us when there is a fire.”
DTIM solutions can also help companies identify fraud, he added.
“It’s also about other organizations that are trying to induce fraud by using your brand name,” he said. “They are going to use that so that they can gather your customers fraudulently or cut into your market share. Without that kind of a [DTIM] tool there is really no way that you are going to find that information.”
The first types of DTIM platforms were threat intelligence feeds, Monahan said. Later, the platforms began to evolve but were still driven by internet protocol information, whether it be domain information, IP addresses or host names, he said.
The next evolution of digital threat intelligence management brought in better analytics and processing, he said. Today, DTIM platforms no longer just look at internet protocol information, but also at social media, mobile apps and the deep web, he said.
“We are looking across all these platforms and data … within that it’s all coming into a central user interface that can be filtered, searched, queried and investigated. You can use that to manage your investigation,” he said.