Security Intelligence – Computer Age’s Spy Thriller

Nowadays, many security industries are making use of the term “Security Intelligence” when it comes to stopping the criminals behind the sophisticated threats against the company’s data and information. Is it even possible to use human intelligence to deter cyber threats, improve incident response and increase the security from the network to the company’s boardroom?

With the different security breaches as well as insider frauds running rampant nowadays, network security is the number one concern of many companies, IT experts and law enforcement agencies today. And there is a good reason behind this because the threat have become more ambitious, sophisticated and dangerous than ever. Unlike before where victims were just unlucky individuals; today cyber attacks are intended for specific victims only.

The worst nightmare of every company is suffering massive breaches in their data. However, not all data breaches are the result of outside threats, sometimes breaches can be caused by insider threats and it is always possible to every organization – whether public or private. Bots, worms and viruses floating in the Internet are random and anyone can be a victim and somehow companies can feel much safer from them than insider threats. The stakes are high when facing insider threats and companies are never immune from them. But external threats shouldn’t be forgotten because a determined intruder will always find ways to get through the security system.

All cyber problems whether inside or outside threats, starts with gathering intelligence, surveillance and then followed by the incursion. When we look at it in a different point of view, cyber threats is like a modern day high-tech spy thriller. Unlike in the past where online threats were made by arrogant IT experts alone who want to showcase their programming skills, the threats nowadays have lead to organized cybercrime syndicate, theft to intellectual property, national and international security.

The solution is almost the same as every spy movie; IT experts, companies and law enforcement must spy on those spying on networks – in simpler terms, counterespionage. Tools and technologies in network security may not have the ability to completely protect the system, but it is still helpful. The firewalls, IDS, IPSes, VLAN devices, endpoint security programs and the rest of the network infrastructure is a wealth of cyber security intelligence.

Security intelligence is the collection and analysis of information or data that has been generated by the users, application and also the infrastructure of the system; it determines the impact those have on the network security and the risk it brings to the company. Security Intelligence provides actionable and also comprehensive insight on how to reduce or prevent any threats.

In incident handling training, network administrators are taught how  collect logs and information regarding events from firewalls, IDS, IPS, web servers, social media, applications, identity management or DLP solutions.  Administrators will have the needed skills and knowledge on how they can gather intelligence and information regarding illegal or irregular activities on the system. The reason why network administrators have to do this is because data thieves and hackers have become smarter when it comes to avoiding detection and hiding their traces. But with having a broader telemetry collection, it is possible to create better means in protection and it is possible to cover more ground and search every hiding place where hackers can hide.

Security intelligence can be used to analyze activities in the network. An example is when there are more than 3 login failures in a certain part of the system and then followed by a successful login. There could be a possibility of a forceful entry in the system using a password attack. Analyzing every normal event and activity in the system and also identifying suspicious behaviors on the system is the best way to detect sophisticated threats to the system.

Of course, intelligence gathering is worthless without situational awareness. Situational awareness will provide analysis on the timeline of the attack, profiling the entire cyber infrastructure before any attack can occur, detecting attacks and forensics analysis if the data has been compromised. It is also needed in identifying the user, profiling the assets of the company and analyzing their strengths and vulnerabilities. A better situational awareness can be obtained by undergoing incident response training.

There is no such thing as coincidence in the world of cyber warfare. The battleground would always be the company’s network infrastructure and the administrators and security experts are the security team spying on those who spy on the company’s system.

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce. It is the owner and developer of 20 security certifications. EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. These certifications are recognized worldwide and have received endorsements from various government agencies. They also offer trainings in incident handling.

More information about EC-Council is available at,  www.eccouncil.org.