What is Cyber Threat Intelligence?

Cyber threat intelligence is more than just a data feed of user behavior, real-time threats in the wild, active exploits, and temporal data. It gains the highest value when it is merged with relevant information from your organization to provide a profile of the risk and threat, much like a sample risk matrix of Impact versus Likelihood. Cyber threat intelligence helps define the Likelihood in the matrix based on activity in the wild and within other organizations, while traditional non-tangible measurements define the Impact.

Performing a Risk Assessment

Whenever an organization performs a risk assessment, it tries to consider multiple variables based on the user, asset, resource, location, and many non-tangible criteria like hardening, exploits, vulnerabilities, risk surface, exposure and mission. Completing a full risk assessment model manually is a daunting task if you consider all the possible vectors and methodologies needed to actually quantify the risk. In general, risk assessments start with a simple model (as illustrated below), and each vector is documented and assigned a risk outcome. When dealing with multiple risk vectors, the results can be averaged, summed, weighted, or used with other models to produce a final risk score. From a vendor perspective, many of these technologies are proprietary and even patented.

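The following is an added example, not code from the original page or from any vendor's scoring model. It scores three constructed risk vectors as Impact x Likelihood, lets a threat-intelligence flag raise the Likelihood, and compares summed, averaged, weighted and worst-case aggregation. The 1-5 scales, the weights, the +2 likelihood bump and the band thresholds are all assumptions.

```python
# Constructed sample vectors for one asset. Impact and likelihood use an
# assumed 1-5 scale; weight is a hypothetical per-vector business weighting.
VECTORS = [
    {"name": "unpatched vulnerability", "impact": 4, "likelihood": 2,
     "weight": 0.5, "exploited_in_wild": True},
    {"name": "weak configuration", "impact": 3, "likelihood": 3,
     "weight": 0.3, "exploited_in_wild": False},
    {"name": "excess user privilege", "impact": 5, "likelihood": 1,
     "weight": 0.2, "exploited_in_wild": False},
]

def likelihood_with_intel(vector, bump=2):
    """Raise likelihood when threat intelligence reports activity in the wild.
    The size of the bump is an assumed rule, capped at the top of the scale."""
    base = vector["likelihood"]
    return min(5, base + bump) if vector["exploited_in_wild"] else base

def cell(vector, use_intel=True):
    """Risk-matrix cell value: Impact x Likelihood, range 1..25."""
    likelihood = likelihood_with_intel(vector) if use_intel else vector["likelihood"]
    return vector["impact"] * likelihood

def aggregate(vectors, use_intel=True):
    """Combine per-vector scores using the aggregation styles named in the text."""
    scores = [cell(v, use_intel) for v in vectors]
    weights = [v["weight"] for v in vectors]
    weighted = sum(s * w for s, w in zip(scores, weights)) / sum(weights)
    return {
        "summed": sum(scores),
        "averaged": round(sum(scores) / len(scores), 2),
        "weighted": round(weighted, 2),
        "worst": max(scores),  # averaging can hide a single severe vector
    }

def band(score):
    """Map a 1..25 matrix score to a label (assumed thresholds)."""
    return "high" if score >= 15 else "medium" if score >= 8 else "low"

if __name__ == "__main__":
    for use_intel in (False, True):
        result = aggregate(VECTORS, use_intel)
        label = "with intel" if use_intel else "without intel"
        print(label, result, "weighted band:", band(result["weighted"]))
```

With the same Impact values, the intelligence flag alone moves the weighted score from the low band to medium and the worst-case score from medium to high, which is why the choice of aggregation method needs to be fixed before scores are compared across assets.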
Why Automation is Essential

To make this process efficient and reliable, automation and the minimization of human interaction are of primary concern. Anytime human judgement is applied to a risk vector, the potential for deviations in the results is higher due to basic human opinions and errors. This implies that risk assessment models benefit the most when reliable and consistent data is readily available for interpretation, versus relying on user discretion alone.

The Role of Standards

When documenting risks for cybersecurity, the industry has several well-known standards for many of these vectors, including:
- Common Vulnerabilities and Exposures (CVE) – a standard for information security vulnerability names and descriptions
- Common Vulnerability Scoring System (CVSS) – a mathematical system for scoring the risk of information technology vulnerabilities
- Common Weakness Enumeration Specification (CWE) – provides a common language of discourse for discussing, finding and dealing with the causes of software security vulnerabilities as they are found in code
- Common Configuration Scoring System (CCSS) – a set of measures of the severity of software security configuration issues. CCSS is a derivation of CVSS.