Cyber Threat Intelligence (CTI) has been a critical aid in the cyber security landscape in the years since its inception. An industry with humble beginnings, with IP and URL blacklists forming the early life of CTI, has now become a multi-billion-dollar industry, with a current value of $11.6 Billion globally – predicted to exceed $15.8 Billion within the next half-decade. As threats continue to become more complex, it is important to ask the following: Where will CTI be in the next decade? Will it evolve quickly enough to combat evolving threats? The reality is that CTI continues to grow and significantly benefits adopting organisations. These organisations on average see their IT security teams become ‘32% more efficient’ and resolve security threats ‘32% faster’ [1] – showing its strength as a tool.
To begin understanding the future of CTI, we must first understand how it is currently obtained and subsequently applied to prevent attacks. It is obtained through numerous methods, from AI to Attack Reports to Dark Web Reconnaissance. Applying it is a different matter, as CTI is often used reactively, to prevent attacks from happening again. We need to begin to think of threat intelligence as the means of preventing attacks before they happen, and become proactive as a community.
AI has become a fundamental part of the cyber security landscape, and consequently one of the most powerful CTI tools at our disposal. This is because it copes effectively with overwhelming volumes of data whilst also ensuring the freshness of that data, allowing us to process large amounts of threat intelligence far more efficiently and quickly than human workers could.
As time progresses, and more and more CTI is gathered, the question will become: how will AI be able to cope? To answer this we need to predict the future of AI itself, and that future is Quantum. Quantum AI, once the pinnacle of Sci-Fi, is a theoretical idea that revolves around applying Quantum Computing Technology to Artificial Intelligence. Now, what are the advantages of this? Processing Power and Speed – attributes which are vital for CTI and would further strengthen the advantages modern AI has for CTI. However, theories are still being discussed regarding the power of Quantum AI, with some theorising it may have the ability to review each piece of intelligence gathered and consequently apply the change itself, which could massively aid in proactive defence. This level of processing power does exist; however, it is extremely rare in its current format. Google claimed to have achieved ‘quantum supremacy’ [4] in 2019 as they developed a computer with a 54-qubit processor, capable of solving a pre-defined problem in under 200 seconds – the same problem would have taken 10,000 seconds with a modern supercomputer – showing the vast upgrade quantum computers will provide. However, it is highly unlikely we will see this technology at a consumer level until the 2030s [5] at a minimum.
The biggest factor regarding the future of Threat Intelligence is the greatest tool of all, People – more specifically collaboration. Threat Intelligence collaboration between organisations should be at the forefront of the cyber security landscape, and steps towards this are already being taken. Organisations, such as Recorded Future, provide services in this department as they continue to work to ‘deliver threat intelligence that is meaningful and accessible’ for all cyber security professionals, but most importantly they continue to work towards ‘removing all barriers to adoption’. The growth of similar organisations shows accessible threat intelligence is being pursued rapidly and has led to the development of technologies such as Encore – a technology developed by Performanta which presents all the vulnerabilities within a system, such as exposed emails and passwords – allowing security teams to proactively take steps to resecure said vulnerabilities.
Open-Source Intelligence (OSINT) is another tool which continues to see annual growth – exceeding $9.74 Billion in 2021 [2] – and is poised to grow at a rate of 25% CAGR over the next six years. This growth is possibly due to the fact that OSINT enables organisations to gain a greater understanding of the strategies employed at rival corporations and implement measures which can aid in expanding market presence. Having achieved strong momentum following the COVID-19 pandemic, OSINT has quickly become one of the largest contributors to threat intelligence, and it will likely remain a key player in the threat intelligence market – assuming the post-pandemic momentum does not disappear.
The final tool at our disposal with regards to threat intelligence is the Dark Web, and more specifically Dark Web Reconnaissance. Dark Web Intelligence (DWI) continues to be a growing market – growing at an estimated 20.1% annually [3] – and continues to play a prominent role in allowing us to prevent threats. Numerous unindexed websites supply substantial amounts of information which allows vendors to take proactive steps to protect their organisational systems. This has led to Dark Web Portals/Forums being used to produce counter-terrorism measures and has aided in the development of Cyber Risk Analysis activities, which has allowed organisations to become better at identifying risks and their possible impact on the organisation. One such resource is the webpage ‘Data Breaches Digest’. This is a blog thread which collates information, published by attackers, regarding data breaches, and this research has made prevention possible. So if you’re looking to gain insight into the numerous breaches that go under the radar, it is worth the read.
So, how does this relate to the Avengers? Well, in reality each individual tool is sufficient for use within threat intelligence, much in the same way one individual hero could stop a villain. The real strength of threat intelligence, much like the Avengers, comes with collaboration. Investing in numerous methods of obtaining threat intelligence, and integrating them, will greatly increase the chance that all bases are covered. Dark Web Intelligence may provide you with common exploits that are used by attackers, but where do you then gather information regarding zero-day threats? You may initially collect large pools of data, but how do you then quickly sort and filter this data without AI? Each tool mentioned here dramatically benefits the others, much in the same way as the Avengers.
To summarise, the future of threat intelligence will be heavily influenced by the tools referenced here; however, it is more important to think of the ways we can combine these tools and collaborate as an industry. Producing accessible, meaningful threat intelligence and removing all barriers to its implementation are just as important to ensuring the future of threat intelligence is secure. We may have each of these individual tools, and the Avengers when they are combined with one another, but the most important factor for the success of threat intelligence, both now and in the future, is and always will be the cyber security community.
References
[1] "What Is Threat Intelligence? | Recorded Future", Recorded Future, 2021. [Online]. Available: https://www.recordedfuture.com/threat-intelligence/. [Accessed: 18- Jul- 2021].
[2] "Open-Source Intelligence Market: Global Industry Analysis and Forecast (2022-2029)", Maximize Market Research, 2022. [Online]. Available: https://www.maximizemarketresearch.com/market-report/global-open-source-intelligence-market/66653/#:~:text=Open%2DSource%20Intelligence%20Market%20size,reaching%20nearly%20USD%2056.95%20Bn. [Accessed: 07- Sep- 2022].
[3] "Dark Web Intelligence Market: Market size, Industry outlook, Market forecast, Demand Analysis, Market Share, Market Report 2021-2026", Industryarc.com, 2021. [Online]. Available: https://www.industryarc.com/Report/18535/dark-web-intelligence-market-research-report.html. [Accessed: 01- Aug- 2021].
[4] W. Roush, "The Google-IBM “quantum supremacy” feud", MIT Technology Review, 2020. [Online]. Available: https://www.technologyreview.com/2020/02/26/905777/google-ibm-quantum-supremacy-computing-feud/. [Accessed: 15- Sep- 2021].
[5] "What are AI and machine learning adding to threat intelligence – brains, brawn or both?", Blueliv, 2020. [Online]. Available: https://www.blueliv.com/cyber-security-and-cyber-threat-intelligence-blog-blueliv/what-are-ai-and-machine-learning-adding-to-threat-intelligence-brains-brawn-or-both/. [Accessed: 29- Jul- 2021].