Locating your Cyber Threat Signal from the CTI Noise

By Public Sector Network | June 28, 2022

As one of the most targeted segments, government agencies' IT Security teams face a never-ending battle to keep their environments secure from every new threat. Like the story of the boy with his finger in the dike, there are too many holes and not enough fingers.

Cyber Threat Intelligence (CTI) is a critical asset for having line of sight of what you are facing. Australian government agencies are able to access a large and increasing range of quality CTI feeds, but how do you stop those multiple, voluminous feeds from becoming a fire hose?

As an analysis of current threat actors' motivations, targets and Tactics, Techniques and Procedures (TTPs), CTI gives defenders an understanding of the overall threat landscape. Busy and under-resourced IT Security teams need to know which intel to prioritise.

Responding to every new threat is beyond the capability of even the most well-resourced IT Security team. While SOAR and other automation platforms can take much of the load out of implementing responses to the Indicators of Compromise (IOCs) flagged by CTI, the playbooks they run still require development and maintenance.

It is the same for proactive threat hunting in your environment in response to what your CTI is telling you: when there are hundreds of IOCs to look for, where do you start?

Another challenge is that many of the best CTI feeds available are not tailored specifically to government: by necessity they cover the many financially motivated threat actors that make up the majority of tracked APTs, rather than concentrating on the few state-sponsored APTs that target government.

You need to translate the intel you receive into actionable information. In its simplest form, what you need to know is:

  1. Who is attacking, or about to attack? (i.e. who are the APTs targeting government agencies similar to mine?)
  2. What in my infrastructure are they targeting? (i.e. what assets do they value?)
  3. How are they attacking me? (i.e. what TTPs are they going to use?)
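
One way to turn those three questions into a triage rule is to score each feed record against a profile of your own agency and hunt only the IOCs from actors that score. The example below is added for this article; it is not code from Public Sector Network or Macquarie Government, and the record shape, scoring weights, actor names, sectors, technique labels and indicator values are all constructed for illustration rather than taken from any real feed.

```python
"""Triage constructed CTI records against an agency profile.

Scoring follows the three questions in the article:
  who  - does the actor target agencies like mine (state-sponsored weighted higher)?
  what - does the actor go after technology I actually run?
  how  - which of the actor's TTPs do I have no detection for yet (hunting gaps)?
The record and profile shapes below are hypothetical, not a real feed format.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class IntelRecord:
    """One simplified feed entry (assumed shape, not STIX or any vendor schema)."""
    actor: str
    motivation: str          # "state-sponsored" or "financial"
    sectors: frozenset       # sectors the actor is reported to target
    technologies: frozenset  # platforms/products the actor's TTPs depend on
    techniques: frozenset    # technique IDs, treated here as opaque labels
    iocs: tuple              # indicator values supplied by the feed


@dataclass(frozen=True)
class AgencyProfile:
    """What the receiving IT Security team knows about its own environment."""
    sector: str
    technologies: frozenset        # what is actually deployed
    detected_techniques: frozenset # techniques already covered by a detection


def score(record, profile):
    """Return (score, undetected techniques). Score 0 means 'noise for this agency'."""
    who = 0
    if profile.sector in record.sectors:
        who = 2 if record.motivation == "state-sponsored" else 1
    what = len(record.technologies & profile.technologies)
    gaps = record.techniques - profile.detected_techniques
    # An actor that targets neither my sector nor my technology carries no signal,
    # however many IOCs the feed attached to it.
    if who == 0 or what == 0:
        return 0, frozenset()
    return who * what + len(gaps), gaps


def prioritise(records, profile):
    """Rank actors worth acting on: [(actor, score, sorted detection gaps), ...]."""
    ranked = []
    for record in records:
        total, gaps = score(record, profile)
        if total > 0:
            ranked.append((record.actor, total, sorted(gaps)))
    ranked.sort(key=lambda item: (-item[1], item[0]))
    return ranked


def hunt_list(records, profile):
    """IOCs to hunt first: only from actors that scored, highest score first."""
    order = {actor: i for i, (actor, _, _) in enumerate(prioritise(records, profile))}
    relevant = sorted((r for r in records if r.actor in order), key=lambda r: order[r.actor])
    iocs = []
    for record in relevant:
        iocs.extend(record.iocs)
    return iocs


# Constructed sample feed: actors, sectors, technique labels and IOCs are made up.
FEED = (
    IntelRecord("ACTOR-A", "state-sponsored", frozenset({"government", "defence"}),
                frozenset({"exchange", "vpn-appliance"}), frozenset({"T1190", "T1078"}),
                ("10.0.0.1", "bad-a.example")),
    IntelRecord("ACTOR-B", "financial", frozenset({"retail", "finance"}),
                frozenset({"windows", "rdp"}), frozenset({"T1566", "T1486"}),
                ("bad-b.example",)),
    IntelRecord("ACTOR-C", "financial", frozenset({"government", "healthcare"}),
                frozenset({"windows", "rdp"}), frozenset({"T1566", "T1486"}),
                ("10.0.0.3", "bad-c.example", "deadbeef")),
    IntelRecord("ACTOR-D", "state-sponsored", frozenset({"government"}),
                frozenset({"ics-gateway"}), frozenset({"T1190"}),
                ("bad-d.example",)),
)

# Constructed agency profile: a government agency running Windows, RDP, Exchange
# and a VPN appliance, with detections already in place for T1566 and T1190.
AGENCY = AgencyProfile("government",
                       frozenset({"windows", "rdp", "exchange", "vpn-appliance"}),
                       frozenset({"T1566", "T1190"}))

if __name__ == "__main__":
    for actor, total, gaps in prioritise(FEED, AGENCY):
        print(f"{actor}: score {total}, hunt for undetected {gaps}")
    print("IOCs to start with:", hunt_list(FEED, AGENCY))
```

With this profile ACTOR-B (wrong sector) and ACTOR-D (targets technology the agency does not run) drop to zero, so only five of the seven feed IOCs make the hunt list, and the detection gaps (T1078 for ACTOR-A, T1486 for ACTOR-C) tell the team which TTPs to build detections for next. The weights are deliberately simple; the point is that each record is judged against your own sector, asset inventory and detection coverage rather than taken at feed value.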

These are issues faced by almost every government IT Security team we speak with, and they will be discussed in depth in our upcoming exclusive online webinar, Sifting Through Increasing Cyber Security Noise, presented by Public Sector Network in collaboration with Macquarie Government on Wednesday, 13 July 2022 at 11am AEST. You may view the agenda here or secure your complimentary pass here.

Join our panel of government cybersecurity experts looking at both the intel and operational data specific to government agencies to learn more about these issues.

We look forward to welcoming you online!
