Cyber crime is increasing day by day, which is why demand for cyber threat analysts is rising. The field of cyber intelligence is booming, and businesses need the skills of these highly trained professionals to keep their assets safe. Today we are going to explain what knowledge is needed to be a cyber threat analyst.
Threat intelligence is everyone's business, whatever security role we play. It is a framework that helps us work smarter, whether we are working with a SOC analyst, managing vulnerabilities or making high-level security decisions ourselves.

In that sense, threat intelligence must be integrated with security solutions and must be easy to put into practice. Threats come from everywhere: partners, insiders, third parties or attacks on the brand. Security teams and devices are therefore responsible for:
- Discovering unknown threats.
- Making the best decisions to drive a common understanding that accelerates risk reduction for the company.
A good cybersecurity strategy requires techniques and technologies that drive risk reduction, so that threats can be stopped quickly.
Threat intelligence to prevent attacks
The cyber threat analyst faces countless challenges on a daily basis. Among the most prominent are:
- The vulnerabilities that they have to fix before a security breach occurs.
- The daily avalanche of data full of irrelevant information.
- False alarms in multiple security systems.
With a good threat intelligence policy we can prevent and reduce attacks on an organization. Threat intelligence tells us something as important as who is attacking us. In addition, we can determine their motivations and capabilities, and which indicators of compromise (IOCs) to look for in our systems. In this sense, it helps us make informed and responsible decisions about our security.
How teams can work in a company
Organizations must be prepared to prevent the threats of the digital world. It is not enough to keep computers up-to-date with the latest security patches or the latest firmware installed.

Every day there is more need for a cyber threat analyst and a security team that works in a coordinated way. Less than 1% of attacks are carried out without the user doing anything. For this reason, it is important that, in addition to the security officers, the rest of the employees receive adequate training so that a security breach does not occur. Training employees not to fall for the tricks most used in phishing, for example, is a good idea.
How can security teams be organized in the company
A company's security team must work in a coordinated way and attend to its responsibilities. Depending on the capacity and training of the company's employees, it can work in one way or another.
Sometimes security operations teams are chosen. Often, because of their workload, they cannot process the huge flow of alerts they receive. Threat intelligence prioritizes and filters alerts and other threats, and works on them together with security solutions. The more these teams apply these techniques, the more efficient their work will be.
Another way to operate is with vulnerability management teams, which know how to accurately prioritize the most important security flaws. A threat intelligence team gives them access to an external view of the environment. This way we can differentiate between immediate threats, possible threats and those that are not threats.
Finally, we have the fraud prevention, risk analysis and other high-level security teams, whose challenge is to understand the current threat landscape. Threat intelligence provides these organizations with key information on:
- The actors of the threats.
- Their intentions and goals.
- The tactics, techniques and procedures that they will use.
As you have seen, we have three ways of working as a team, but for these to be effective we have to use threat intelligence efficiently.
How to use threat intelligence to protect ourselves
One way to use it is operational threat intelligence, which provides information on ongoing cyberattacks and events, and gives incident response teams specialized knowledge that helps them understand the nature and target of attacks. It basically comes from machines and provides technical information about attacks.

The other way is strategic threat intelligence, which offers a summary of the threats facing a company. Here human intervention is required, from high-level staff such as a cyber threat analyst. The information is business-oriented and is delivered through reports that cannot be produced by machines, only by highly trained people.
Time we have when a vulnerability is discovered
All security teams must protect the business from cyber attacks, especially targeted ones that try to exploit a vulnerability in its applications. Today cyberattacks are widespread, so every year every company is exposed to multiple vulnerabilities.
The cyber threat analyst must be able to detect these security gaps in time and fix them. It should be noted that, in the last ten years, the average time between the identification of a vulnerability and the appearance of an exploit for it has fallen from 45 days to 15 days. From this we can draw two important conclusions:
- We have about two weeks to patch or repair our systems against that exploit.
- If it is impossible to solve the problem, we must at least have a contingency plan to mitigate the damage.
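The two conclusions above, combined with the earlier split into immediate threats, possible threats and non-threats, can be turned into a patch worklist. This is an added example, not code from the original article; the classification rules, field names and sample findings are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Average disclosure-to-exploit window quoted in the article.
EXPLOIT_WINDOW = timedelta(days=15)
ORDER = {"immediate": 0, "possible": 1, "not a threat": 2}

@dataclass
class Vuln:
    vuln_id: str           # constructed placeholder, not a real identifier
    disclosed: date
    asset_exposed: bool    # assumption: affected system is reachable by attackers
    exploit_seen: bool     # assumption: threat intel reports a working exploit
    patch_available: bool

def triage(v, today):
    """Classify one finding and pick an action (rules are assumptions)."""
    deadline = v.disclosed + EXPLOIT_WINDOW
    days_left = (deadline - today).days
    if not v.asset_exposed:
        level, action = "not a threat", "track"
    else:
        # An exploit in circulation or an expired window means act now.
        level = "immediate" if v.exploit_seen or days_left <= 0 else "possible"
        # No fix available: fall back to the contingency plan.
        action = "patch" if v.patch_available else "contingency plan"
    return {"id": v.vuln_id, "level": level, "deadline": deadline,
            "days_left": days_left, "action": action}

def worklist(vulns, today):
    """Immediate threats first, then by days remaining in the window."""
    rows = [triage(v, today) for v in vulns]
    return sorted(rows, key=lambda r: (ORDER[r["level"]], r["days_left"]))

# Constructed sample data.
TODAY = date(2024, 3, 20)
SAMPLE = [
    Vuln("VULN-B", date(2024, 3, 12), True, False, True),
    Vuln("VULN-D", date(2024, 3, 10), False, True, True),
    Vuln("VULN-C", date(2024, 3, 18), True, True, False),
    Vuln("VULN-A", date(2024, 3, 1), True, False, True),
]

if __name__ == "__main__":
    for row in worklist(SAMPLE, TODAY):
        print(row["id"], row["level"], row["deadline"], row["action"])
```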
The danger of malware in a company
Preventing advanced-level threats in enterprise networks is a challenging task. Malware analysts and threat researchers prepare by analyzing full malware samples.

A phishing attack can flood a business with malware and can cause the loss of confidential information and reputation. The job of the cyber threat analyst is to prevent and avoid it in coordination with their team and other employees. For that reason, phishing awareness courses for employees can be a good idea.
In this case, exploit development and reverse engineering can help us understand the vulnerabilities that hackers often exploit.
Phases of a cyber attack and conclusions
Cybercriminals usually follow a series of stages in their attacks:
- Reconnaissance.
- Weaponization.
- Delivery.
- Exploitation.
- Installation.
- Command and control.
- Actions on objectives, sometimes referred to as exfiltration.
Using threat intelligence can enable companies to build a defense-in-depth model that addresses every stage. In this sense, the security teams and the cyber threat analyst that we have talked about before play a crucial role. They are in charge of developing a strategy to prevent attacks and mitigate them when they take place.
Threat intelligence must give these professionals the context they need to make informed decisions and act. The ultimate goal, without a doubt, is to reduce risk efficiently by preventing vulnerabilities.
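The alert filtering described for security operations teams and the attack stages listed above fit together in one triage step: alerts are matched against a threat-intelligence feed, and hosts are ranked by the deepest stage an attacker has reached on them. This is an added example, not part of the original article; the feed, alerts and host names are constructed, and the stage names follow the usual English wording of the kill chain.

```python
# Attack stages in the order the article lists them.
STAGES = ["reconnaissance", "weaponization", "delivery", "exploitation",
          "installation", "command and control", "actions on objectives"]

# Constructed intel feed: indicator -> stage where it was observed.
# Addresses are from documentation ranges, the domain is under .example.
INTEL = {
    "203.0.113.7": "reconnaissance",
    "invoice-update.example": "delivery",
    "198.51.100.23": "command and control",
}

# Constructed alerts as a SOC queue might hold them.
ALERTS = [
    {"id": 1, "host": "ws-014", "indicator": "203.0.113.7"},
    {"id": 2, "host": "ws-014", "indicator": "invoice-update.example"},
    {"id": 3, "host": "srv-db2", "indicator": "198.51.100.23"},
    {"id": 4, "host": "ws-031", "indicator": "192.0.2.50"},   # no intel match
    {"id": 5, "host": "ws-014", "indicator": "203.0.113.7"},  # repeat of alert 1
]

def prioritize(alerts, intel):
    """Return (hosts ranked by deepest stage reached, ids of unmatched alerts)."""
    hosts, unmatched = {}, []
    for alert in alerts:
        stage = intel.get(alert["indicator"])
        if stage is None:
            # Not discarded: kept for a lower-priority review queue.
            unmatched.append(alert["id"])
            continue
        entry = hosts.setdefault(alert["host"], {"stages": set(), "alerts": []})
        entry["stages"].add(stage)
        entry["alerts"].append(alert["id"])
    ranked = []
    for host, entry in hosts.items():
        depth = max(STAGES.index(s) for s in entry["stages"])
        ranked.append({"host": host, "deepest": STAGES[depth], "depth": depth,
                       "stages_seen": len(entry["stages"]),
                       "alerts": entry["alerts"]})
    # Later stages first; more distinct stages breaks ties.
    ranked.sort(key=lambda r: (-r["depth"], -r["stages_seen"]))
    return ranked, unmatched

if __name__ == "__main__":
    ranked, unmatched = prioritize(ALERTS, INTEL)
    for row in ranked:
        print(row["host"], row["deepest"], row["alerts"])
    print("low-priority queue:", unmatched)
```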