In the age of web services and cloud technology, other techniques are required to provide effective protection against future threats. Local solutions such as virus scanners or personal firewalls, which are set up according to the classic pattern, have a big Achilles heel: the time that elapses between the detection of new malware and the availability of virus definition updates.
Science of counteracting the cyber threat
Given the number of different malware types, security software can no longer rely on simple signature comparisons; it must observe and analyze the behavior of the software.
At this point, a score is created on the basis of indicators and the consolidation of messages. The heuristic procedures used are remotely comparable to the methods used by credit reporting agencies that try to determine creditworthiness. Roughly simplified, the Cyber Threat Intelligence offered at webint can be described as a kind of security credit report for software and access.
Given today’s security requirements and the importance of functioning computer networks, this topic also matters a great deal at the international level. Examples would be hacker attacks by secret services on targets abroad or meddling in election campaigns by manipulating social media.
Properties and special features of cyber threat intelligence solutions
Cyber threat security always requires a holistic approach. Depending on the concept, good results can be achieved in smaller companies with coupled firewalls, application proxies, and endpoint solutions. As a rule, subscription customers receive definition updates from the manufacturer of the solution at regular intervals. Many such solutions transmit telemetry data from the scanned systems in real time so that the manufacturer can compare this data with data from other systems and, if necessary, identify the first “needles in a haystack” before they mutate into a massive threat.
Even smaller UTM (Unified Threat Management) firewalls nowadays often offer a feature, usually subject to a surcharge, in which the appliance transmits the content to be scanned (or its signature values) to the manufacturer. The greater computing power and database of the manufacturer’s security cloud help here with the timely recognition of potential threats.
Other solutions can be coupled with the systems of the Internet provider so that brute-force attacks can be fended off at the provider level before they block the lines or push a local firewall appliance to the limits of its processing capabilities.