Sage Advice - Cybersecurity Blog

Video: The Importance of Threat Intelligence in Detecting Network Threats

By joining forces to collaborate and share information, we stand a far better chance of beating back the bad guys. With threats continuously evolving, this is an on-going and time-consuming responsibility. And if you’re not able to keep up-to-date with the latest threat intelligence, your network could be vulnerable.

With a log analysis service, like Tyler Detect, you have access to a highly-trained security analyst who is constantly consuming the latest threat intelligence, and incorporating it into our methodology. Watch as Ron Bernier, Director of Tyler Detect, discusses how our ability to leverage the power of a diverse aggregation of network traffic data, coupled with a variety of other sources, helps us better detect threats to your network.


Brendan: Threat intelligence and information sharing is a huge point of emphasis lately as far as sourcing as much public and private information that is available, and then incorporating all that information into your log review methodology. On the surface that seems like a fairly tall task, especially because you’re constantly trying to keep up to speed with the latest developments and evolution of the threat dynamic. So Ron, what should organizations be thinking about when deciding whether or not to bring the functional responsibility of log review in-house vs. potentially partnering with subject matter experts, like Sage?

Ron: So, a couple big things stick out right away. One is, you have to have trained staff, right, that are keeping their methodology up-to-date using current threat intelligence, feeding it into their automation, then being the security analyst and researching what that system is telling them by their questions. Knowing the right questions to ask is the most difficult part of that.

So, if you’re doing your own network analysis, and only your own, you see only your network traffic. And you don’t really know is this normal internet-wide? Or is just normal to you? Let me give you an example. Everybody likes to talk about zero-day malware, zero-day infections. Well, if we see traffic that we’re not sure of in somebody’s logs, we compare it to everybody else’s. Doing it yourself, you can’t do that. We compare it to everybody else’s and it’s not happening anywhere else…. That’s a lot more suspicious than if it’s happening everywhere. Because not everyone gets infected with the same zero-day the first day it’s available.

So, you’ve got that aspect of the power of many… the power of all this client data.

The other thing that’s also important is you may have a particular type of firewall, and it may or may not be doing a good job of doing malware detection. There are a couple recently who have been doing very well, others really don’t do well at all. But because we have some many clients, that have some many different, disparate systems, we have not only that cumulative network activity to compare it to, we also have those alerts, those events that are detecting malware on a specific client that we can then leverage as well. And apply that to all our other clients.

While you may have a firewall that may not be doing all that well at defending you from internal threats going outside, you still get that benefit. Where if you’re doing it yourself, you’re stuck with your folks, your methodology, applying it just to your network traffic, versus having a company that specializes in consuming all this threat intelligence, making sense of it, and then applying it to a much larger, cumulative amount of network traffic. That really enables you to leverage that power. More than just your own staff, your own network traffic.


As cyberattacks continue to soar, it's time to get proactive when protecting your network. You can’t simply sit back and wait for an automated alert to let you know you’ve been breached. You need to actively seek out potentially malicious behavior on your network. That’s why we’re seeing a shift to a more proactive approach... Cyber Threat Hunting. Learn how to defend your network. Learn more in the Sage Advice Guide to Cyber Threat Hunting.


Topics: Log Analysis, Threat Detection Tips, Threat Intelligence

The Tyler Cybersecurity Lifecycle

Cybersecurity isn’t a destination.

Cybersecurity Lifecycle

There is no single, straight path that will get you to the point where you can say, “We did it! We’re 100% cyber-secure.”

A more realistic destination is cyber resiliency – the ability to prepare for and adapt to changing conditions, so you can withstand and recover rapidly from disruptions. Achieving cyber resilience depends on what we like to call the cybersecurity lifecycle – an ongoing cycle of interconnected elements that compliment and reinforce one another.

Learn More