Use cloud threat intelligence to protect critical data and assets – TechTarget

Many organizations now store more sensitive data and assets in the cloud than on premises -- and attackers have taken notice. Organizations need to understand the threats that attackers pose in the cloud. One way to keep abreast of potential attacks is to use cloud threat intelligence.

Threat intelligence involves the collection, classification and exploitation of knowledge about adversaries. Teams collect security intelligence data from a variety of sources, including logs, security controls and third-party threat intelligence feeds, and then analyze that data to mitigate risks.

As the cloud becomes more ubiquitous, it must become an integral part of the threat intelligence process. Security engineering and operations teams should dedicate time and resources to the development, collection and implementation of cloud-specific threat intelligence.

Organizations can collect cloud-specific threat intelligence from several external sources, including cloud service providers (CSPs), threat intelligence providers and managed security service providers.

Security teams need to develop both strategic and operational threat intelligence. Strategic threat intelligence involves executives and nontechnical stakeholders shaping risk management decisions.

Examples of strategic cloud threat intelligence include the following:

Operational threat intelligence is more tactical in nature. It helps inform security operations center (SOC), threat hunting, DevOps and other technical teams.

Examples of operational threat intelligence include the following:

To effectively implement cloud threat intelligence, organizations need the proper team and technologies.

A cloud-focused threat intelligence team should, depending on an organization's size and capabilities, include the following primary participants:

Secondary participants might include internal risk management teams and executive leadership. Third-party analysts can also provide threat intelligence and cloud security insights.

To facilitate building a base of consistent and usable cloud threat intelligence, organizations should implement and monitor the following technologies:

Security teams should define use cases and develop integration playbooks that make collected data actionable. This helps teams make informed risk decisions and enables more accurate and targeted threat hunting and response investigations. Building a dashboard of risk changes detected and monitored over time can also help distill cloud threat intelligence into metrics and KPIs for executives.

Dave Shackleford is founder and principal consultant with Voodoo Security; SANS analyst, instructor and course author; and GIAC technical director.
