Integrating Threat Intelligence to Keep up with Today’s Cyberthreats

Today’s cyberthreats are advancing in both methodology and frequency. To keep pace with evolving cyberattacks, you need to make use of all of the information and intelligence available. Threat intelligence can help you stay one step ahead of cyberthreats by providing you with rich, external context.

Integrating threat intelligence into your SIEM can help increase overall network visibility, keep you up to date on potential risks within your environment, and enable you to rapidly detect and respond to cyberthreats.

As discussed in a previous blog, threat intelligence combines internal intelligence gathered by your SIEM with available, external intelligence to help you understand the nature of a threat.

To recap, the primary benefits of adding threat intelligence to SIEM are:

1. Increased visibility: Obtain a greater understanding of threats for faster detection
2. Improved context: Combine internal intelligence with external threat intelligence to make it actionable
3. Enhanced productivity: Enable a proactive defense, rather than a reactive posture

What Makes a Threat Intelligence Provider Stand out from the Crowd?

Just as Machine Data Intelligence (MDI) Fabric uniquely empowers the LogRhythm platform with contextualized data primed for analytics, value-added threat intelligence must be powered by diverse, quality inputs.

Some of these inputs may be publicly available, open-source feeds that could be free from sources, such as DHS, ISACs, or ISAOs. Additional input sources can be found in proprietary access to global private networks, endpoints, or enterprise implementations. Interestingly enough, many commercial threat intel providers resell other threat intelligence feeds so that the provider itself becomes a trusted indicator of industry-validated or peer-validated quality.

Ultimately, security practitioners want threat intel that will be complementary to everything else in their security stack—whether that be endpoint protection, cloud security, or NextGen SIEM.

Factors that Help Differentiate Threat Intelligence Providers

When choosing a threat intelligence provider, consider the triple A triad: accuracy, availability, actionable. You don’t want external intelligence that’s going to spawn a bunch of false positives. You want accurate, timely threat intelligence that’s published rapidly. You need intel that is highly available and can be accessed as needed. Finally, you don’t want to have troves of structured and/or unstructured data without meaning—it needs to be actionable.

Security analysts and vendors generally agree that threat intel and SIEM are a strong match. Explore our Threat Intelligence Services (TIS) a bit deeper to understand the platform enhancements made possible through this integration.

Webroot BrightCloud and LogRhythm

Webroot is a key partner within our threat intelligence partner ecosystem and excels at many of the differentiating characteristics described above.

Webroot BrightCloud gathers intel from a number of sources, including the cloud and artificial intelligence.

LogRhythm integrates with actionable BrightCloud Threat Intelligence to provide LogRhythm customers with comprehensive, real-time threat visibility and contextual security analytics. The BrightCloud Threat Intelligence integration can help protect you from malicious URLs, IPs, files, and mobile apps.

Figure 1: Webroot BrightCloud Daily Detection of Previously Unknown Threats (Click Image to Enlarge)

Check out the recent Webroot press release to learn how to easily take advantage of the Webroot BrightCloud integration with your LogRhythm SIEM to ensure your organization is ready to defend against modern cyberthreats.