Benoît Grunemwald - Eset

Threat Intelligence at the service of cyber-resilience

Combining threat intelligence and cyber-resilience may seem antithetical: after all, the former appears to be entirely about anticipation, while resilience comes into play only after the attack. And yet!

Cyber-resilience is the technological incarnation of the proverb "the reed bends, but does not break": it means accepting that the company will inevitably be hit by a major cyber crisis, that its defenses will have failed, that its information system will be neutralized ... and that it will still have to keep working in order to survive.

"And what about the business continuity plan, then?" IT professionals will probably ask, and rightly so. The PRA (Business Resumption Plan) and the BCP (Business Continuity Plan) are obviously essential components of the company's "business" cyber-resilience. But they usually rely on trusted computer resources that can be reconnected immediately to replace those that have gone up in smoke.

This is no longer the case: a cyber crisis of malicious origin introduces two new elements that make it difficult, if not impossible, to apply a traditional BCP / PRA:

- The intruder may have been present for a long time, and has been able to sabotage many systems and destroy or contaminate backups for several months.

- It is impossible to know which systems to trust. Any computer tool connected to the network is potentially compromised, including the crisis management solutions or the very tools of the BCP / PRA.

- And even if you can "roll back" a critical application in order to resume work, there is no guarantee that it is not itself compromised.

This is a major crisis of confidence that requires a different approach. And it is precisely in this uncertain environment that Threat Intelligence excels!

Threat Intelligence, an invaluable knowledge base

Threat Intelligence consists of adapting some of the techniques of intelligence analysis to the business world, helping companies to better understand the threats specific to them (attacker groups, attack techniques, targets) in order to better anticipate them.

A good Threat Intelligence partner will have deep knowledge of the latest attack methods, the stealthiest malicious code and the "signatures" of the main attacker groups (their TTPs, for Tactics, Techniques and Procedures).

It will know the "who" (the most active attacker groups), the "what" (the latest vulnerabilities, the targets of the moment), the "how" (the latest intrusion methods, the latest malicious code) and sometimes even the "why" (thanks to regular monitoring of the forums where attackers exchange and, occasionally, undercover interviews).

Threat Intelligence is thus an invaluable knowledge base, often built up over years by experts. For example, a player such as ESET actively protects 600 million workstations around the world, and therefore sees the bulk of new malicious code as soon as it appears. In addition, for 30 years its teams of experts have been analyzing all techniques and tracking hacker groups, because this has always been essential to their work.

In short, the new cyber crises plunge the company into the dark, at the heart of a formidable crisis of confidence. Cyber-resilience is first and foremost about seeing clearly: obtaining answers in order to advance step by step towards a controlled reconstruction. And Threat Intelligence is the best tool to provide such answers.

Latest publication

Combining threat intelligence and cyber-resilience may seem antithetical... Benoit Grunemwald, Cybersecurity Leader, ESET, tells us more!
