How to Maximize Threat Intelligence with a Human Touch

Companies are actively maturing their cyber security posture through a host of methods, from embracing an expanded tools portfolio to investing in add-on intelligence services that provide additional protection and context relative to advanced threats. Another key building block being embraced is embedding professional threat intelligence experts into internal security organizations to turbocharge the resource pool and to maximize the impact of intelligence for enterprise security.

This approach has appeal because organizations already are scrambling to recruit basic cyber security talent, let alone gain access to sophisticated intelligence experts with knowledge and experience in thwarting advanced attacks.

Cybersecurity Ventures, a researcher in the cyber security economy, estimates there will be 3.5 million unfilled cyber security positions by 2021, making it next to impossible for companies to keep pace with the dramatic rise in cyber crime, which is expected to cost enterprises $6 trillion by 2021. A study by the Information Systems Security Association (ISSA) and analyst firm Enterprise Strategy Group (ESG) found the cyber security skills shortage now affects nearly three quarters of organizations (74 percent) with 63 percent confirming they are falling behind when it comes to providing adequate levels of training to their cyber security staff.

Symantec’s recently-released Cloud Security Threat Report (CSTR) confirms that the cyber security skills gap is one of the biggest obstacles that companies face in effectively responding to cloud security threats. The vast majority of respondents (92 percent) confirmed a need to shore up the skills of existing security staffers while 84 percent said there was an imperative to increase the number of cloud security employees to ensure an effective security posture.

“Intelligence is a complex field which requires highly skilled personnel to do effective analysis; and those people are hard to find,” says Albert Cooley, Symantec’s director of product management for DeepSight, a cloud-hosted cyber threat intelligence platform drawn from Symantec’s portfolio of security products and the Symantec Global Intelligence Network, the largest civilian threat collection network. “Being able to tap into the world’s foremost experts on cyber intelligence is very attractive for governments, large banks, and other companies.”

Applying DeepSight Intelligence

Symantec is offering its enterprise customers the ability to tap into that cadre of intelligence expertise via a program that embeds threat expert talent directly into a company’s own security ranks. Offered as part of the portfolio of professional services surrounding DeepSight, companies can contract for Symantec’s highly-trained personnel to work on-site at a firm for a specific duration—typically anywhere from one to three years, Cooley says.

Aimed primarily at large entities such as government and defense agencies, and the military along with commercial players in industries like finance and pharmaceuticals, the embedded analyst program is a consulting service that Symantec makes available to help organizations get greater value out of DeepSight intelligence data. With the service, the analyst contextualizes the intelligence in a way that is specific to the unique challenges and needs of a customer’s own environment.

The embedded analyst approach offers a number of advantages for maximizing the value of DeepSight threat intelligence services. Embedding a Symantec expert within the security organization fosters a keen understanding of a firm’s unique business needs as they relate to security challenges, allowing threat intelligence to be interpreted in a way that has a direct correlation to the specific situation as opposed to general findings.

For example, embedded analysts typically review incoming intelligence reports that outline the most pressing threats facing global customers, selecting those that present the most significant risk to the client for special treatment.  The embedded analyst might then produce a custom report that outlines why a specific cyber crime group would target that individual organization, how exactly they might gain entrée, even down to the level of what specific email addresses they might leverage.  This information would be incorporated into management risk reports and be used by various operational teams to put in place protective controls.

“Intelligence provides a broad and dynamic view of the threat environment. Applying it specifically and uniquely to your environment will yield the best results,” Cooley says. “Having an embedded analyst helps accelerate the application of intelligence to your environment.”

An embedded analyst also can jumpstart security organization training and mentoring, not just in effectively leveraging DeepSight intelligence, but in overall cyber security best practices. Symantec embedded threat analysts get access to proprietary Symantec tools and information that’s not available to the general public or to other security professionals, which enables them to apply unique capabilities. They also have access to the Deepsight and Symantec intelligence community, so they can serve as a conduit to get answers to security questions and concerns more quickly while presenting them in a business-specific context.

Embedding threat intelligence analysts on the team also ensures organizations maximize their investment in DeepSight. “The service gets organizations up and running and understanding intelligence quickly while monitoring them over time to make sure they are using it to the full potential,” Cooley says.

Given the scope of today’s threats and the scarcity of top cyber security talent, an extra hand may well be worth it.

To learn more about Symantec DeepSight and the embedded analyst program, call your local Symantec account manager.