Cybercriminals attack any organization, regardless of size. While enterprises typically rebound from the customer confidence problems and other issues that come after a data breach, some small and medium-sized businesses (SMBs) never recover. Within 24 months of a major data loss, 72% of businesses are forced to shut their doors. Many businesses are understaffed, underfunded, and don’t have the time or expertise to defend against malicious actors.
Managed service providers (MSPs) and managed security services providers (MSSPs) are well-positioned to provide SMBs with the threat data, intelligence, experience, wisdom, expertise, and focused attention needed to identify and control attacks.
In this executive summary, you’ll learn how MSPs and MSSPs can use threat intelligence to prevent hackers from attacking customers’ systems.
- Hackers have an advantage.
- Sharing threat intelligence can help the defender community prevent attacks.
- MSPs can bring threat intelligence to customers with unified security management.
- AT&T Alien Labs Open Threat Exchange offers free threat sharing for security professionals.
AT&T Cybersecurity discussed how MSPs and MSSPs can use threat intelligence to prevent hackers from attacking customers’ systems.
Hackers have an advantage.
As the cybercrime community grows and becomes more organized, hackers have the advantage over information system defenders.
If there are 1,000 attacks, an attacker only has to be successful once. The defender has to be successful 1,000 out of 1,000 times.
More hackers are joining the cybercriminal community because the tools available to them require less technical expertise than ever to run a successful attack. That community is also well organized, sharing the knowledge and exploits that allow its members to succeed.
Time, money, and even legal protection all give attackers the upper hand. In some regions of the world, attackers aren’t just protected by the legal systems; they are funded by the government.
Conversely, information system defenders are understaffed, underfunded, and lack the time and knowledge to protect an increasingly complex IT infrastructure. SMBs, in particular, are at a disadvantage when trying to prevent or rebound from an attack, but even enterprise organizations are not immune from security breaches.
Sharing threat intelligence can help the defender community prevent attacks.
IT teams and businesses shy away from sharing information about security attacks and breaches they have experienced. But sharing threat intelligence with the wider defender community raises awareness about attacks and breaches, ultimately lowering the incidence of attacks and the success rates of attackers.
Sharing threat information is a key part of successful threat intelligence: information about malicious actors, their tools, their infrastructure, and their methods. Numerous vendors today offer threat intelligence tools, but the information collected isn’t openly or easily shared across products. The data given to IT needs to be more than just raw data; it needs to be insightful and actionable.
When you’re looking at intelligence, you want to make sure it’s actionable.
MSPs can bring threat intelligence to customers with unified security management.
Businesses, especially SMBs, are looking to MSPs to help them manage threats. MSPs can benefit from using a unified security management solution, such as AT&T Alien Labs Threat Intelligence.
A unified security management platform integrates security information and event management (SIEM), behavioral monitoring, intrusion detection, vulnerability assessment, and asset discovery tools to provide a complete view of the threat landscape. The system offers up-to-date threat intelligence so that MSPs and MSSPs can provide customers with protection against current security threats.
Alien Labs Open Threat Exchange offers free threat sharing for security professionals.
MSPs, MSSPs, and other security professionals can take advantage of AlienVault’s Open Threat Exchange (OTX). The free online open threat intelligence community enables collaborative defense with actionable community-powered threat data.
OTX™ has more than 47,000 participants located in over 140 countries. The more than four million threat indicators contributed daily are integrated with the unified security management platform to alert users when known bad actors are communicating with their systems.
Source: AT&T Cybersecurity