
The role of Cyber Threat Intelligence in patching

Vulnerabilities put your business at risk, and with thousands of them emerging every year, it becomes impossible to patch them all. That is where your research is required. Threat intelligence helps identify the specific vulnerabilities that are a risk to your organization and provides custom solutions.

Gartner’s research has identified that among all the vulnerabilities identified in the previous decade, only about one-eighth of them were actually exploited in real-world attacks. The vulnerabilities that do not get exploited are often reused and leveraged in a wide range of threats.

Gartner recommends shifting focus from vulnerability management to ranking threats based on their severity. Though both vulnerability management and ranking of threats are important, systems like Common Vulnerabilities and Exposures (CVE) and the Common Vulnerability Scoring System (CVSS) do not consider the performance of threats. At the same time, relying solely on the severity of the vulnerabilities won’t help combat threats.


Refocus your goals

A perfect security system would be completely immune to exploitation. But due to the large number of vulnerabilities, the “patch everything, all the time, everywhere” approach is impossible to achieve. With restricted time and resources, the approach should be the “biggest vulnerabilities first.” When we review the security breaches from the last decade, it is clear that the approach was misguided. Gartner, in its research, has suggested achieving a balance between what can be fixed and what difference it makes with the available resources and time.


The difference between perceived goals and actual outcomes is due to the organization's neglect of defending against the vulnerabilities. Security teams attend to the biggest and newest vulnerabilities under the impression that attackers target them immediately. However, attackers do not switch to new vulnerabilities if they find that the existing ones can be exploited multiple times with decreasing cost and less expertise. Gartner observed that attackers exploit vulnerabilities that are relatively easy to exploit and present in widely used software.


To overcome this issue, get the fundamentals of vulnerability management right and patch the vulnerabilities that were exploited earlier, instead of focusing only on the new ones.



Gartner’s report on patching

Gartner, in its research, found that nearly 8000 vulnerabilities were disclosed during the past decade, with a marginal rise in their number every year. The newly exploited vulnerabilities, due to new software releases, account for only one-eighth of the actual number, whereas the number of threats has increased exponentially. This shows that though the number of breaches has increased in the past decade, new vulnerabilities contribute to only a fraction of them.

“More threats are leveraging the same small set of vulnerabilities.” – Gartner

Further, zero-days form a part of the new vulnerabilities and account for around 0.4% of all vulnerabilities exploited throughout the decade. Although cyber threat intelligence vendors cannot label them as ‘zero-days’ technically, patching the vulnerabilities of the software is the solution to fix a majority of expected zero-day threats. Over these years, threat actors have become faster at exploiting vulnerabilities: they are now able to exploit them in 15 days, as against the previous 45 days. Organizations are now left with two options: either patch the systems in 15 days or have a plan to mitigate the damage.

How to fix this flaw

  1. Track a metric that identifies the overlap between the vulnerabilities present in your environment and the ones that are being exploited by threat actors. The vulnerabilities that recur most often in this metric should be patched first as a defense against a breach.
  2. Controls like network segmentation, intrusion protection, and privileged identity management are a great help in mitigating threats and protecting against vulnerabilities in the absence of their patches. These controls should prioritize vulnerabilities that are being exploited.
  3. Identifying and mitigating the threats and patching them requires specialized skills. The Certified Threat Intelligence Analyst (C|TIA) program gives an individual or organization the ability to run a threat intelligence process and provides ‘evidence-based knowledge’ and ‘actionable advice’ about existing and known threats.
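
One way to compute the metric from step 1, as an added example that is not from the article or from Gartner. The scanner findings, the exploited-CVE feed, the placeholder CVE IDs, the function names and the sort order are all constructed assumptions; the 15-day window is the figure cited above.

```python
from collections import defaultdict
from datetime import date

PATCH_WINDOW_DAYS = 15  # exploitation window cited in the article

# Constructed sample data; the CVE IDs are placeholders, not real entries.
FINDINGS = [  # (asset, cve, cvss, first_seen) as a scanner export might list them
    ("web-01", "CVE-0000-0001", 9.8, date(2024, 3, 1)),
    ("web-02", "CVE-0000-0002", 6.5, date(2024, 2, 10)),
    ("db-01",  "CVE-0000-0002", 6.5, date(2024, 3, 12)),
    ("hr-pc",  "CVE-0000-0003", 7.2, date(2024, 3, 14)),
    ("web-01", "CVE-0000-0004", 8.1, date(2024, 1, 5)),
]
# CVE -> number of distinct threats seen exploiting it (hypothetical CTI feed).
EXPLOITED = {"CVE-0000-0002": 7, "CVE-0000-0003": 2, "CVE-0000-0099": 4}


def prioritize(findings, exploited, today):
    """Rank CVEs that are both present in the estate and exploited in the wild."""
    by_cve = defaultdict(list)
    for asset, cve, cvss, first_seen in findings:
        by_cve[cve].append((asset, cvss, first_seen))
    rows = []
    for cve in by_cve.keys() & exploited.keys():  # the overlap from step 1
        hits = by_cve[cve]
        oldest = min(seen for _, _, seen in hits)
        rows.append({
            "cve": cve,
            "threats": exploited[cve],
            "assets": sorted(a for a, _, _ in hits),
            "cvss": max(c for _, c, _ in hits),
            "overdue": (today - oldest).days > PATCH_WINDOW_DAYS,
        })
    # Most-reused first, then widest exposure, then severity as a tie-break.
    rows.sort(key=lambda r: (-r["threats"], -len(r["assets"]), -r["cvss"]))
    return rows


def overlap_ratio(findings, exploited):
    """Share of distinct open CVEs that are known to be exploited."""
    open_cves = {cve for _, cve, _, _ in findings}
    return len(open_cves & exploited.keys()) / len(open_cves) if open_cves else 0.0


if __name__ == "__main__":
    for row in prioritize(FINDINGS, EXPLOITED, date(2024, 3, 20)):
        print(row)
    print(f"exploited share of open CVEs: {overlap_ratio(FINDINGS, EXPLOITED):.0%}")
```

In this sample the CVSS 9.8 finding does not appear in the queue at all, while a CVSS 6.5 issue exploited by seven threats and open past the 15-day window ranks first; overdue rows are the candidates for the compensating controls in step 2.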


What is cyber threat intelligence and why it is important?
Threat Intelligence or Cyber Threat Intelligence (CTI) is a part of cybersecurity that focuses on the analysis and collection of information on both potential and current cyber-attacks that threaten the security of an organization or its assets. Cyber threat intelligence gathers raw information about new and existing threat actors from many different sources. Learn more: 6 Reasons why cyber threat intelligence matters
How do you get into threat intelligence?
Anyone with the appropriate knowledge and the right credentials is welcome. To get the required knowledge and credentials, take a look at our Certified Threat Intelligence Analyst (C|TIA) program. This program complies with the NICE and CREST frameworks, which means that the C|TIA curriculum covers all the aspects of cyber threat intelligence in a way that helps you get through any challenging threat intelligence job role. Read more: Cyber Threat Intelligence: A Career Worth Considering!
What are insider threats and how can they be mitigated?
We focus on outsider threats because they all have clear-cut storylines, but while we concentrate on the crucial outside sources of threats, we often fail to understand that the upcoming threat could target you. Insider threats are often associated with malicious users but even employees play a key role in causing corporate breaches and massive data leakages. Learn more: The biggest threat to your organization data : An Insider