OVERLAND PARK, Kan., April 15, 2015 /PRNewswire/ -- RiskAnalytics is a new contributor to Verizon's 2015 Data Breach Investigations Report. The report highlighted a data set we provided that illuminates the speed at which attacks spread and the lifecycle of a malicious IP address.
Two key takeaways
1. To maximize our collective defense, intel must be shared much faster.
   - Cyber attacks spread extremely fast. We find 75 percent of attacks hit Victim 1 within 24 hours of hitting Victim 0.¹
   - More than 40 percent hit Victim 1 in less than one hour.¹
2. The quality and "freshness" of an intel feed is critically important.
   - Once a cybercriminal uses an IP address to launch an attack, he quickly moves on to another IP address.
   - Most IP addresses are used maliciously for less than a day.¹
The DBIR recommends that producers of threat intel "choose the well over the firehose"¹ and prioritize quality over quantity in order to deliver greater value.
What makes an intel feed valuable
- Continual updates — If an intel feed is updated only once or twice a day, it is of little use.
ShadowNet, RiskAnalytics' intel feed, is updated in real time. Users receive updates at least every ten minutes.
- Culling outdated IPs — After an IP address is no longer a threat, it doesn't belong in the intel feed and should be removed to avoid "false positives." Using a bloated list creates inefficiencies and can reduce productivity, which is why larger feeds aren't necessarily better. The focus should be on quality (and continual relevance), not the quantity of IP addresses in the feed.
ShadowNet is continually managed, and IP addresses that are no longer threats are removed.
- Authentic sources — Due to the latency inherent in open-source based daily feeds, these intel sources are of limited value. To be useful, intel should be harvested from authentic sources.
RiskAnalytics has invested the time, resources and brainpower to build a vast and diverse infrastructure that monitors the Internet for criminal activity. We use only authoritative sources, and we do not simply repackage aggregated data or public lists.
"The 'herd alertness' principle referred to in the report is part of our strategy for protecting our customers' networks," explains Jeff Stull, RiskAnalytics CEO. "Producing and sharing intel that is highly accurate — but most importantly, actionable — is foundational to our approach."
About RiskAnalytics
RiskAnalytics develops real-time contextual cybercrime intelligence used by the network security and insurance industries to manage risk to business networks. RiskAnalytics also employs the intel in its own range of security services that includes solutions for both external and internal cyber threats, as well as managing the human, legal and financial elements of risk. Learn more at riskanalytics.com.
¹ 2015 Data Breach Investigations Report, pp. 10-11. Verizon website. Available at: http://www.verizonenterprise.com/DBIR/. Accessed April 14, 2015.
SOURCE RiskAnalytics