Cybersecurity can often feel like an endless cycle of acquisition and deployment. Cybersecurity teams will acquire and deploy the latest solutions for protecting their organization’s data, only for threat actors to discover new ways around those defenses in quick succession. However, building strong cyber defenses isn’t about having the latest technology; it’s about having the intelligence, expertise, and execution to use that technology effectively. By optimizing threat intelligence capabilities, agencies can acquire the tools and skills they need to defend against cyberattacks.
Earlier this year, Forrester released a report evaluating various external threat intelligence services based on their strategies, current offerings, and market presence. The report found that the elements of a strong threat intelligence solution included intelligence analysis, vulnerability intelligence, and an innovation roadmap.
According to the report, “It’s impossible to thoroughly track cyberthreats and the campaigns they undertake without access to primary source intelligence — direct observations via incident response engagements and access to the sensors that observe threat activity.”
In a recent podcast, Michelle Cantos, Mandiant’s Senior Threat Intelligence Analyst, and Luke McNamara, Mandiant’s Principal Analyst, discussed the various methods by which threat actor groups are leveraging Artificial Intelligence (AI) in their cybercrime operations.
Mandiant’s researchers found that AI acts as a force multiplier to add a layer of complication to pre-existing campaigns. By leveraging AI, threat actors can further disrupt normal operations, make new initial access points for supporting subsequent parts of campaigns, and augment campaigns to make them more frequent and more effective in the future.
In a conversation with Government Technology Insider, McNamara discussed how threat intelligence can optimize cybersecurity efforts. “External threat intelligence can play a useful role in not only shaping that initial view of the [threat] landscape, but on an ongoing basis allow organizations to better understand how these threat actors may be evolving in terms of capability or what campaigns they may be currently conducting domestically and abroad,” McNamara said.
Currently, Mandiant’s researchers are building a better understanding of how threat actors are leveraging AI in their operations. However, as AI becomes more widely available, agencies need to be aware of how cybercrime operations may leverage AI capabilities in the future.
“We may be in a period right now where a number of factors — such as the increasing law enforcement action to even the conflict in Ukraine — have caused disruption within the ransomware ecosystem landscape,” McNamara said. “There are a lot of changes happening right now, and as we see claims by some groups that they are shuttering operations it’s important that we pay attention to see what sort of ecosystem emerges out of this period of change.”
As technology evolves, agencies need to transform both internal operations and their defenses against these emerging cyber threats. Having access to external threat intelligence is extremely valuable for agencies when trying to mitigate risk.
Learn more about how to integrate and optimize threat intelligence capabilities by clicking here.