Keeping a competitive edge in the cybersecurity ‘game’

Instead of thinking of cybersecurity as a problem, IT leaders should look at it through the lens of a game — and threat intelligence gives your team the competitive edge.
Jason Zann, Threat Intelligence Specialist, Microsoft Federal

It’s time we stopped thinking of cybersecurity as a problem. Instead, it’s a game, with each side trying to outthink and outmaneuver the other. Bad actors can choose when and how to exploit vulnerabilities, but defenders need to know all possible inroads and be prepared for a range of outcomes. Threat intelligence (TI) can give agencies a meaningful advantage by providing situational awareness in context.

Still, gathering knowledge is only part of how the game is played. Staying ahead of adversaries essentially comes down to three elements: visibility, capabilities, and governance, and all are tied to the impact of TI on your security posture.

Awareness delivers a decision advantage

TI is about predicting the future, not explaining the past. Its job is to give you greater awareness, helping you anticipate an adversary’s next move. By correlating internal data, open-source information and third-party inputs, TI helps you spot obscure connections and patterns. This is crucial to identifying threats early enough to do something about them; TI is vital for rationalizing strategies, placing bets, and dynamically rethinking countermeasures.

A smarter defense looks at all the angles

Some attackers are after a specific prize, but in some cases, you might actually be a target of chance, not a target of choice. This means intruders aren’t looking for something specific, and if blocked in one direction, they may simply try another.

That’s why generating intelligent responses to threats takes diversity of thought and perspectives. Angles are not just technical; they are informed by people with different functional, operational, and even life experience backgrounds. Responses today are less about suppressing a single alert and more about stringing alerts together to look through the eyes of the adversary, informing a broader community defense model.

Augmenting the human touch

AI-based automation can play a critical role across the three stages of TI: collection, analysis, and dissemination. AI empowers human decision makers to keep pace with, if not get ahead of, attackers.

AI can also lift long-standing burdens that many agencies face. First, there’s the issue of alert fatigue: if each alarm represents a top priority, how can analysts, who are already spread too thin, choose which fire to fight first? Next, the siloed or bespoke systems found throughout government require too many separate queries, which adds complexity and delay to cyber defense. AI can enable higher-confidence, faster, and better-coordinated processes, so you can quickly identify the threat and mount an appropriate response.

Governance is everyone’s business

Zero Trust embodies the rules and principles that govern security across the agency. A Zero Trust approach also supports every player on the defensive team, making everyone across the agency essential to security.

Under Zero Trust principles, TI informs a common operational picture of your threat landscape and surfaces the threats that would most likely impact your agency’s operations. This enables you to focus on the bad actors and threat vectors that matter most to those operations.

The best strategies are intelligence-led

We’ve all worked tirelessly dealing with threats, and while we’re getting better as an industry, the challenge is getting harder faster than we are getting better. We need to start thinking differently: we need to find ways to get more defenders in the game, we need Zero Trust to protect people and data across government (and keep bad actors from looking like good ones), we need AI to grow the effectiveness of our cyber strategies, and we need threat intelligence to inform and drive our priorities. Going forward, this is how the game of cybersecurity will be played.

Read more about integrating security intelligence tools to defend against modern threats.

This article was produced by Microsoft Federal, for CyberScoop.


Jason Zann is a Threat Intelligence Specialist at Microsoft with 25 years of cybersecurity experience in various leadership and field operation roles. Prior to Microsoft, he was an early employee of both iSIGHT Partners and RiskIQ where he helped to build the Threat Intelligence and Enterprise Attack Surface Management industry that we know today.
