Understanding what the attackers are talking about, what innovations they are working on, their tool development cycles, how they choose targets, their motivations, collaborations, and areas of new research can provide tremendously valuable insights into evolving cybersecurity risks. Sure, looking at vulnerability feeds is easy, but it accounts for only one piece of the risk picture. Less than 2% of all vulnerabilities ever get exploited. Vulnerability management, although an important inward-facing process, is not sufficiently comprehensive.
Take a lesson, passed on for more than 90 generations, and made famous in Sun Tzu’s “Art of War”: “Know your enemy and know yourself and you can fight a hundred battles without disaster.” If you want to be prepared for future engagements, get serious about knowing everything you can about the opposing team.
A wonderful article in CSO Online, “7 Places to Find Threat Intel Beyond Vulnerability Databases,” outlines seven great sources to get the inside scoop on what your enemy may be working on!
I am a fan of them all.
So often, businesses focus exclusively on finding vulnerabilities within their environment and neglect to understand the attributes of the intelligent adversaries they face. Identifying the technical weaknesses of the infrastructure is important, but it becomes a never-ending cycle as more vulnerabilities are discovered in the world. With technology constantly changing and connecting with other systems, the possible areas of exploitation increase accordingly.
Think of it in these terms. Imagine you own a soccer team and want to win the next game. If you only focus on the condition of the field and your players' skills, you will likely be at a disadvantage when a well-informed opposing team takes the field. What is missing is intelligence on the strengths and weaknesses of the opposing force. Only then can you develop winning tactics to outmaneuver the other team.