Threat detection and response for improved workplace security

In the modern economy, a business is only as good as its data. It needs to be protected at all costs.

Our 2021 Global Workplace Report revealed that only 43.2% of employees are confident that company information is safe when they’re working from home. This is shockingly low, given how long we’ve been working flexibly (since the beginning of the pandemic, if not longer). It demonstrates that most businesses are still struggling to put in the right security tools and employ training to ensure company information remains secure as we embrace hybrid working. 

I don’t mean to make light of the security challenge. Most security teams don’t have the time, energy and resources to independently build a unified defense against mounting cybersecurity threats across a growing digital footprint. Securing the hybrid workplace is even a challenge for organizations that were advanced in their security prior to the pandemic. The fact is every security team is having to undergo a transformation that supports the ‘new normal’ and identifies risk when most of its employees and devices are outside of the traditional corporate security perimeter. 

What will set the leaders apart from the laggards in managing pandemic-related cyber-risks is the ability to identify, detect and respond to threats faster and with more intelligence to power decision-making.

At NTT, we’ve spent the last 20 years innovating, refining and co-collaborating with clients and learning on the job how to deliver an intelligent, automated and responsive threat detection capability. Here’s a quick debrief on why threat intelligence and threat detection are important, some examples of how we’ve helped clients and some innovative new solutions we’re bringing to market.

First off, a quick introduction to the key concepts:

What is threat intelligence?

Threat intelligence is data that’s collected, processed, analyzed and contextualized to better understand cybercriminal activity (motivations, targets and behavior). Producing excellent threat intelligence at scale requires huge volumes of data, and it’s what makes it hard to develop a robust threat intelligence capability internally and independently. It’s often more about looking wider than one’s own environment – for instance, across the deep and dark web to identify threats and campaigns. Then, by utilizing data from within your environment with the insight you’ve gained from outside, you can improve detection and the ability to understand the threat. At NTT, because we’re providing managed security services to clients around the world, we gain insights and data points from our client base, but we also gain data from our Global IP Network (GIN), one of the world’s largest dual-stack Tier-1 global IP backbones, as well as our Threat Intelligence and Research Teams. In other words, we’ve invested millions over decades to help you make informed, risk-based decisions so you can identify and stop attacks earlier and be more proactive in response to future threats.

What is threat detection and response?

Threat detection and response should be your first line of defense against cyberattacks. Since it’s not if but when an attack will occur, and traditional perimeter security is moving to cloud-based models (or disappearing altogether), quickly detecting and accurately identifying the threat is key to ensuring you can respond and mitigate the damage of an attack to your business. Threat intelligence is critical to your ability to detect and validate what threats exist – but also which are of material nature to your business and which don’t require action as a matter of priority. Threat intelligence and threat detection often exist symbiotically. As threat intelligence improves, it can enhance your ability to detect threats. As more complex threats are detected, it informs your intelligence and what to watch out for next time.

Why they both matter for the age of hybrid working

To keep businesses up and running during the pandemic, IT teams and business leaders scrambled to adopt technology that supports remote working, such as cloud-based technologies and applications or off-the-shelf collaboration solutions. But unfortunately, 80.7% of IT leaders say they’re finding it more difficult to spot IT security or business risk brought about by employees when they’re working remotely. The rush to keep the lights on and move to the cloud has left security gaps and created a porous security posture and perimeter.

Cybercriminals have recognized this opportunity. Employees and company data are more vulnerable outside the corporate network security perimeter, and employees are also less likely to be aware of the latest tactics used by threat actors. Our threat intelligence analysts expect attacks on unwitting employees to continue to increase in 2022. 

Good threat detection and threat intelligence need to look across your entire attack surface 24/7, wherever your people, assets and technology exist, to ensure you have a good understanding of where you’re vulnerable and what you can do about it. It’s also critical for reducing attacker dwell time, reducing the cost of response, improving scalability and optimizing your security operations.

Insource or outsource?

Here are some important things to keep in mind as you consider building your own threat detection and response program:

Can you generate the threat intelligence your business needs?

Getting contextually appropriate threat intelligence is difficult because of volume, a shortage of skills and time and manual processes. Your threat detection capabilities need to be able to quickly sift through thousands of data logs at any given time to generate intelligence and find the needle in the haystack that’s relevant to your business. Excellent threat intelligence and detection capabilities should go beyond what the ‘off the shelf’ security technology in the market finds and blocks automatically and be focused on helping you find the complex, hard-to-discover attacks.

Threat intelligence should also be gathered using a mixture of different methods and intelligence sources and data and information types to help you build as complete and contextually aware of a picture as possible.

Do you have the skills, resources and capabilities to build your threat detection and intelligence capabilities in-house?

Developments in analysis, automation, AI and machine learning are key to streamlining both the threat detection and threat intelligence processes and making them more manageable and actionable for security teams. Professionals who develop, hone and implement these types of technologies in the security world are highly sought after. Working with a managed security services provider for threat intelligence can be incredibly beneficial, as they’ve already invested the time and resources to develop an exceptional service and have the dedicated security expertise you’ll need.

While many service providers offer their services via the cloud and on a subscription basis, NTT offers a tiered subscription, including a free starter subscription to our Cyber-Threat Sensor AI.

Think long-term

Any planning you do for threat detection and intelligence within your organization should be designed as a long-term solution given the pace of change – both in terms of technologies, approaches and cybercriminal tactics.

If you’re keen to learn more about whether or not partnering is the right choice for you, check out some of our threat detection and response use cases around protecting financial systems from zero-day exploits, protecting resources from cryptojacking and cryptomining malware, detecting and responding to ransomware and stopping TrickBot and other banking trojans. And, here’s a short video on how our CTS-AI service does it all.