The Importance of Threat Intelligence

July 7, 2020 - Ensighten

Anyone who has been in security for a while will highlight the value of threat intelligence, especially for technology providers. Threat intelligence is the process of analyzing data to discover existing and new attack methods in order to keep up with what is an ever-changing threat landscape. 

The importance of threat intelligence cannot be overstated with respect to security technology providers. Ultimately, it drives a significant portion of their roadmap, allows their solutions to keep up with what is a rapidly changing threat landscape and most of all, allows customers to be properly protected. 

Threat intelligence is more than just watching the threat landscape change and adding new features in reaction to it – it is predicting how the industry is going to evolve and getting ahead of the curve. Without threat intelligence, customers really do not have any idea whether the solutions they have implemented are sufficient for their needs, nor do they have any understanding of what threats they might face going forward.

While Ensighten has always maintained technology and resources focused on threat intelligence, we have recently increased investment in this area as the complexity and frequency of client-side attacks have increased.

 

The difference between origin-side and client-side threat intelligence 

Most threat intelligence is based on the analysis of data – and for IT security-focused intelligence, much of this data comes from traffic analysis. Origin-based solutions have a significant benefit in that they normally sit between the user and a website or API, and as such can monitor the traffic that flows in and out of the origin. 

Origin-based threat intelligence is very valuable to an organization and can help prevent many existing and emerging attacks, which is why criminals over the years have found it increasingly difficult to target organizations' servers directly. Several great intelligence data sources, the product of analyzing massive amounts of web traffic, can be procured and integrated into technology solutions.

But as attacks move towards the endpoint and we see sites such as Ticketmaster and Macy's hit by client-side web skimming, intelligence gathering must evolve too. One of the challenges with client-side attacks is that the malware runs in the browser, so any traffic that would usually be flagged as unusual flows between the browser and the attacker and is invisible to traditional research.

Client-side threat intelligence leverages telemetry data from a website to discover if something is unusual. If for example a JavaScript XHR call suddenly connects to a remote server that it has not connected to in the past, then this operation should be flagged and analyzed. Ensighten is strongly positioned here with our technology focused on client-side security and compliance enforcement; all utilizing capabilities which allow for comprehensive client-side security threat intelligence to be produced. 
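The check described above, flagging a script that connects to a server it has not contacted before, can be sketched as follows. This is an added example, not Ensighten's code; the telemetry field names, the `.example` hosts and all function names are assumptions, and the sample records are constructed.

```javascript
// Constructed telemetry: one record per outbound request seen in the browser.
// Field names (ts, page, initiator, url) are assumptions for this example.
const baselineEvents = [
  { ts: 1, page: "/checkout", initiator: "https://shop.example/js/app.js", url: "https://api.shop.example/cart" },
  { ts: 2, page: "/checkout", initiator: "https://cdn.analytics.example/t.js", url: "https://collect.analytics.example/hit" },
];
const liveEvents = [
  { ts: 10, page: "/checkout", initiator: "https://shop.example/js/app.js", url: "https://API.SHOP.EXAMPLE/cart/total" },
  { ts: 11, page: "/checkout", initiator: "https://cdn.analytics.example/t.js", url: "https://stats-collect.example/p" },
  { ts: 12, page: "/checkout", initiator: "https://cdn.widgets.example/w.js", url: "https://api.widgets.example/v1" },
];

// Normalised destination host, or null when the URL cannot be parsed.
function hostOf(url) {
  try { return new URL(url).hostname.toLowerCase(); } catch { return null; }
}

// Learning window: record which hosts each script has been seen contacting.
function buildBaseline(events) {
  const seen = new Map(); // initiator script URL -> Set of destination hosts
  for (const e of events) {
    const host = hostOf(e.url);
    if (!host) continue; // never learn from malformed records
    if (!seen.has(e.initiator)) seen.set(e.initiator, new Set());
    seen.get(e.initiator).add(host);
  }
  return seen;
}

// Detection: flag requests to hosts the initiating script has not contacted before.
// Findings are not added to the baseline; that is left to analyst review.
function findNewDestinations(baseline, events) {
  const findings = [];
  for (const e of events) {
    const host = hostOf(e.url);
    const known = baseline.get(e.initiator);
    let reason = null;
    if (!host) reason = "unparseable-url";
    else if (!known) reason = "unknown-initiator";
    else if (!known.has(host)) reason = "new-destination";
    if (reason) findings.push({ ts: e.ts, page: e.page, initiator: e.initiator, host, reason });
  }
  return findings;
}

const findings = findNewDestinations(buildBaseline(baselineEvents), liveEvents);
console.log(findings);
```

Keying the baseline on the initiating script rather than on the page as a whole means a known third-party tag that starts sending data to a new host is flagged even if another script on the page already talks to that host.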

 

Increased investment 

With the desire to bolster an already leading offering, Ensighten has expanded all resources relating to client-side threat intelligence, including both human elements and digital capital behind it. While we are recruiting additional research analysts, we are investing in areas such as machine learning-driven rule creation and more comprehensive automated reporting and alerting.

By combining both ML-based and human analysis on terabytes of web traffic with existing industry threat feeds, Ensighten’s client-side focused threat intelligence is largely unmatched within the industry. What is more, this investment in cybersecurity threat intelligence will directly feed into the Ensighten platform and customers will benefit from more accurate detection of existing threats and automated detection of emerging threats going forwards. 

 

It benefits more than just security 

For Ensighten, threat intelligence benefits more than just security; it will have a direct impact on consent enforcement as well because of the nature of our client-side focus. As organizations face increasingly stringent privacy laws in the form of the CCPA and GDPR, they look to solutions which can manage the website supply chain and ensure that areas such as customer consent choices are enforced.

Client-side security threat intelligence allows for the understanding of how website components communicate, both illegitimate ones containing malware and legitimate ones performing user tracking or advertising. By having a constant understanding of how such things work, Ensighten’s compliance enforcement components are also evolved to continuously ensure compliance. 

Client-side threat intelligence helps organizations fundamentally understand how their website communicates and with whom, and when things suddenly change, it can point at a need to investigate what is different. 

 

The road ahead 

Over the coming months, customers and the community in general will see the benefits from this investment through technology enhancements and published research. As Ensighten’s cloud management platform is bolstered with ML-driven rules, reporting and alerts, customers will seamlessly realize these benefits through their security and compliance enforcement technology. Get in contact with us to learn more about client-side threat intelligence.