Threat Intelligence – the indispensable trend to ensure network information security

According to Mordor Intelligence (India), the world cyber security knowledge (Threat Intelligence – TI) market is expected to reach 13.9 billion USD by 2025, with a CAGR of 17.5% in the period of 2020. – 2025. The origin, target, type of technology and development of attack techniques are the main reasons driving the development of the TI market. Besides, the increase in the amount of data generated by different businesses is also a factor driving this market to grow.

Network security knowledge sharing is the trend to prevent cyber attacks

Vietnam is also not out of this development trend. According to experts from Viettel Cyber ​​Security Company (VCS), the needs of organizations / businesses (TC / DN) for TI will focus on the following three issues:

First: Active defense. The use of TI will help to give warnings about gaps, practical exploits for information technology systems being operated by TC / DN. TI also makes predictions and warnings about targeted attacks in the same context, for example: an attack on the purpose of a bank A, bank B is at the same risk. In addition, TI will provide information that directly affects the reputation, financial risks and other business activities of customers.

Second: Monitoring and discovery. Information collected and shared from TI allows TC / DN to perform in-depth analysis, combined with other security solutions in the system to detect attack techniques and campaigns. In addition, TI also helps organizations detect fraudulent and stolen intellectual property activities related to organizations through data sources collected from internal systems as well as sources from multiple channels. share on the Internet.

Third: Handling incident response. In the event of an incident, TI can provide detailed information on incident response operations and mitigation methods to ensure that critical information and TC / DN assets are always protected. Not only that, TI also supports the collection and processing of communication information related to the incident facing the organization.

To meet the above needs, the quality of a TI must satisfy the following factors:

Source coverage: For a TI system, the coverage of the data source is of particular importance. The larger the information source, the higher the quality of TI. With the strength of being the largest telecommunications service provider in Vietnam, Viettel’s knowledge source (Viettel Threat Intelligence) is very plentiful, collected and synthesized on a wide network, deep web, dark web. , malicious code attack, intentional attack … Especially data sources from internal research by leading Viettel experts.

Quality of the source: This largely depends on the technology solution the organization is using, ensuring large-scale (internal and external) threat analysis. The technology used must ensure data collection and correlation to use both structured and unstructured data from many different sources, and at the same time be able to automate the enrichment of data from This allows the technical team to search and discover all the collected data with the fastest time and with high accuracy in identifying existing or potential cyber-attacks and threats. functions that may threaten the organization’s operations.

Features of Viettel Threat Intelligence system

Viettel Threat Intelligence is capable of collecting fast, accurate, high value information from many sources, especially from private, confidential, and uncommon sources for analysis and warning. The information is provided fully (including private sources) and identified by the VCS expert.

Delivery time: TI must give warning very early, as soon as a risk appears, accompanied by full technical analysis, detailed expert assessment, how to detect, prevent, to bring The advantage helps TC / DN to quickly react and stop the risk, even when the attack has not happened. Through the Threat Alert feature, Viettel Threat Intelligence has the ability to warn the latest cyber security threats that have appeared, including new vulnerabilities, new attack techniques to overcome defense solutions, attack campaigns. New technology from targeted attack groups, dangerous new malware, … Besides, international standard APIs such as STIX / TAXII help Viettel Threat Intelligence not only be used to supplement analytical data. for information security solutions that are part of the SOC ecosystem of Viettel Security Company, which can also be integrated with other international solutions.

For more information, please contact Viettel Cyber ​​Security Company at: Floor 41, Keangnam Landmark 72, Đ. Pham Hung, My Dinh 2 Ward, Nam Tu Liem District, Hanoi; Website viettelcybersecurity.com ; email: vcs.sales@viettel.com.vn; Phone: 0971.360.360.