How State and Local Governments Can Take Full Advantage of Threat Intelligence
Earlier this year, the State and Local Government Cybersecurity Act of 2019, also known as S. 1846, was introduced in the Senate. The goal of S. 1846 is to improve the coordination of security efforts between the Department of Homeland Security and state and local governments, and encourage national security agencies to share threat intelligence. This would provide a vital resource for smaller agencies that lack the tools and expertise to protect their IT environments from sophisticated attacks.
For example, state and local government agencies are often targeted by ransomware attacks because their defenses aren’t always up to date. Threat intelligence can help agencies understand the warning signs of a potential attack so they can take steps to block the threat.
What Is Threat Intelligence?
Threat intelligence is critical to a successful cybersecurity strategy for state and local government agencies. More than just data about threats, actors and risks, threat intelligence includes evaluation and analysis of evidence, intent and capabilities. These insights are then used to create assumptions that help organizations determine where to focus their cybersecurity efforts.
Threat intelligence is not black and white. Not all data is completely reliable and not all data sets are complete, which can result in inaccurate assumptions and false positives. This is why threat intelligence is generally accompanied by a confidence assessment that indicates the level of reliability (low, medium or high). Threat intelligence is not a security platform but a capability that requires the right combination of people, process and technology to generate actionable insights.
Making the Leap from Data to Intelligence
Much of what is referred to as threat intelligence is just data. In other words, it hasn’t been filtered, analyzed and vetted. Data needs to be reviewed by qualified security professionals to produce insights that would be considered threat intelligence. Ideally, this information would come from sources in the same industry. Because threats are constantly evolving and hackers adapt their attack techniques on the fly, threat intelligence should be current and acted upon quickly.
In addition to vetting data, you should vet the sources of data to ensure that they provide reliable threat intelligence. Look for sources that use artificial intelligence to enable deeper analysis, weed out questionable data, and focus on the most serious threats that warrant human investigation.
The Cisco Talos Threat Intelligence Team
Cisco Talos, one of the largest commercial threat intelligence teams in the world, provides the visibility, actionable insights and vulnerability research that state and local government agencies need to detect and stop threats. Researchers, analysts and engineers work together to provide fast data analysis and greater threat context. Once the threat is detected and identified by the Cisco Talos team, you can take the appropriate action to protect your entire network from the threat.
S. 1846 would enable a highly coordinated cybersecurity effort focused on the sharing of threat intelligence, but its passage is far from assured. Let us show you how Cisco’s integrated cybersecurity tools harness the power of Talos’ threat intelligence to give you actionable insights that can protect your sensitive data and stop the latest threats.