The best practice in cyberdefense is to discover your vulnerabilities and then correct them as soon as possible. Unfortunately, the process for this discovery can be painstaking and slow.
Analyst observation is usually needed, or often the analyst just ends up detecting an actual active threat attempt in progress. In fact, far too many vulnerabilities are only discovered after a successful attack is already conducting network infiltration and data exfiltration.
A different approach is to focus on stopping vulnerabilities in a proactive manner, before they would be discovered. This approach has some obvious advantages. It gives your cybersecurity team time to figure out the best corrective measures before a breach succeeds. Second, and more obvious, if you can do this, your chances of sustaining a successful breach are greatly reduced.
It sounds like a great idea, but is it feasible? Is there a solution that could do this? By leveraging verified threat intelligence, organizations can shield their network from known, high-risk sources.
This works because threat intelligence can provide great coverage. There are now almost no vulnerabilities or threats that are not covered by some intelligence, and this threat intelligence is readily available, with a market that is active and vibrant. There are also services that can apply the threat intelligence for you and actively defend your network.
Are your firewalls and IDS/IPS systems enough to accomplish this? The short answer is no. Firewalls and IDS/IPS systems just cannot handle the enormous amount of threat indicators efficiently. They can only do a small fraction of the shielding that is needed. Also, these devices don’t have the context and analyst information to apply the indicators correctly.
All critical enterprises should be actively employing an advanced shielding service. Properly used, applying threat intelligence in this way will greatly reduce your security team’s burdens and discovery times. It will also decrease the burden on the back-end security stack (firewalls, IDS/IPS, SIEMs). This will dramatically increase the efficiency of your entire defense program.
Cybersecurity teams no longer need to wait for a vulnerability to be exposed before doing anything. By proactively shielding from known threats, the practical effect of a vulnerability is already mitigated. Best practice is to always find and fix vulnerabilities, but if shielding from high-risk indicators is in place, most attacks would be stopped anyway. Shielding the known threats can protect the enterprise from yet unknown vulnerabilities, long before they are discovered by other means.
