Cybersecurity defences are only as good as the threat intelligence which feeds them, making threat information a critical element for protecting against cyber threats, says Derek Manky, chief, Security Insights & Global Threat Alliances, FortiGuard Labs, the threat intelligence and research organisation at Fortinet. “Effectively defending against cyberattacks today requires security teams to work smarter rather than harder,” he says in an interaction with Sudhir Chowdhary. Excerpts:
Give us an overview of the threat intelligence team at FortiGuard Labs.

When asked by partners or CISOs I meet, I often talk about how FortiGuard Labs has brought together some of the brightest and most knowledgeable threat hunters, researchers, analysts, tool developers, and data scientists in the industry, located in research labs around the world. But that’s just the start. FortiGuard Labs has also designed, trained, and delivered one of the most advanced AI and ML platforms to augment the efforts of the FortiGuard Labs team. Our primary mission is to provide Fortinet customers with the best threat intelligence designed to protect them from malicious cyberattacks.
From a threat landscape and research point of view, what should be known about FortiGuard Labs?

One of the most important aspects of our research is that our telemetry is gathered from Fortinet’s millions of sensors, which helps the FortiGuard Labs team identify the real-world threats our customers face. These include threats discovered on network, endpoint, and IoT devices, as well as those embedded in emails, applications, and on the web. But there is more. FortiGuard Labs also has a successful zero-day detection and research operation. Our researchers study threat actors and cybercriminals in order to understand their motives, techniques, and patterns, and use that knowledge to help protect our customers.
Partnerships seem to be a big part of threat intelligence today. How is FortiGuard Labs leading in this area?

This is a huge focus for us: to go beyond our own research to lead, interact, share, and foster the sharing of actionable threat intelligence. For example, Fortinet co-founded the Cyber Threat Alliance (CTA). Fortinet is also a founding member of, and is supporting multiple initiatives for, the WEF Centre for Cybersecurity, holding one of only two permanent seats on this international council. Fortinet is actively engaged with, and has bi-directional threat intelligence feed relationships with, more than 200 partners.
What impact do these relationships and this information sharing have on threat intelligence?

Today there is a massive number of security challenges researchers need to be aware of and proficient in to protect against attacks. Different threat actors specialise in network attacks, software attacks, cloud-based attacks, container-based attacks, attacks against critical infrastructure, IoT devices, and many other types of threats. Attackers need only be proficient in one type of threat, while defenders need to understand a large variety of attack surfaces. Effectively defending against cyberattacks today requires security teams to work smarter rather than harder.
Security teams need a combination of knowledge, experience, tools, strategy, automation, and skilled professionals to monitor the entire attack chain and automate as much of the process as possible, so that human resources can be focused on higher-order analysis and response. Threat intelligence sharing gives researchers and defenders an opportunity to better understand the entire length of the attack chain and how vulnerabilities in each of its links can compromise the security of your network.
Security is everyone’s job, not just that of the CISO and the security team. All employees inside a company need to be aware of ongoing threats and why everyone needs to be cautious.