Threat research is key to a strong cybersecurity program

Cybersecurity research sets organizations apart. How can you integrate it into your program?


Cybersecurity is no longer just an IT issue — it’s become a strategic initiative for the entire business. Threats don't wait for organizations to be ready for them, so organizations need the ability to act quickly both when implementing defenses and consuming the newest findings in cybersecurity threat research.

New data shows that organizations that are most advanced, and therefore the most protected, have optimized their cybersecurity research function. 

Sixty-eight percent of the most advanced organizations, defined as those that have best optimized their security posture against the NIST framework, proactively manage security risk through research, according to ThoughtLab. However, less than half (45%) of all organizations excel at threat research as a means to proactively manage security risk.

The cyber risks facing our world today

Cybersecurity threat research is so important for organizations today because we’re more vulnerable than ever before. There is a wide range of factors that contribute to a more complex landscape. These include:

Everything has gone digital
For years, we’ve been living in a more digital environment. But the pandemic accelerated digital transformation of business, government, and social interaction. Now, millions of people who had previously gone to an office are working from home on their own networks and devices. Additionally, the rise of a remote or freelance workforce multiplies risks from the use of more devices outside corporate perimeters.

New technologies have emerged
Although the technological advancements we see have improved business efficiency in many ways, they’ve also introduced new vulnerabilities and other cybersecurity considerations. AI, IoT, multi-cloud, and 5G create cyber vulnerabilities for organizations and provide more advanced weapons for criminals.

Cyber adversaries step up their game
Cybercrime has become big business through ransomware, and threat actors have become smarter, better organized, and more institutionalized. Plus, cyberwarfare has taken center stage in recent years: Russia’s attack on Ukraine marks a new wave of geopolitical volatility, making cyber warfare a greater threat in the free world.

Regulations become more complex
As the environment has become more complex, so have the regulations introduced by governments, agencies, and other players. Ultimately, cybersecurity worries have prompted a maze of new regulations around the world, from the US to the EU and Asia.

Tips on setting up an effective cybersecurity threat research practice

There are some best practices for building an effective cybersecurity research strategy.

1) In-house experts make a difference. 

When it comes to conducting research to inform your approach, those that keep the task in-house are more likely to see success than those who outsource. Advanced organizations tend not to outsource functions like threat intelligence, firewall management, and risk assessment as much as less mature organizations “since they have built up their own internal staff for these activities that work together across risk and security functions.”

It’s also important to follow other researchers. Elastic Security Labs, for example, explores malware, ransomware, tactics, activity groups, adversaries and all things security. 

2) The right tools help you focus on the right data.

According to Keith Jones, Ph.D. and Senior Cybersecurity Researcher at Corelight, the rapid increase in data has caused him to create tools that assist with cybersecurity challenges. Quickly deploying new capabilities with open software frameworks allows your in-house experts to scope the impact of a new vulnerability, analyze threats to understand risks, and apply novel research.

“Even in my own home — with my wife and three kids on our home network — I couldn’t go through all the logs by myself as there’s too much network data that’s being produced,” said Keith. “Once we started having gigabytes and terabytes of data on our computers, we could no longer have a human review. Instead, I’ve learned what to look for and developed tools to help detect various anomalies.”

3) Employ comprehensive monitoring.

Keith reminds us that we can’t investigate what we can’t see, which is why monitoring tools are so important. It's necessary to have some kind of monitoring because if something bad does happen, then you have the opportunity to find out what happened on your network so that you can remediate it. 

“A lot of times, especially 10+ years ago when people weren't used to the level of attacks that we have today, you’d see something bad had happened but didn’t have any evidence to know exactly what had occurred,” said Keith. “We didn't know if the attacker touched just the web server, the database server, the authentication server, or something else.” For that reason, Keith recommends having comprehensive monitoring tools that can help you detect exactly where, when, and what anomalies occur.

4) Context — the “why” — is worth exploring.

Creating safeguards against cybersecurity risks is important, but it’s essential to understand the wider context: Why would a bad actor be interested in your data? What is at stake, for them and for you?

Some organizations have adopted the term “threat intelligence” to describe this context and the action it drives. Threat intelligence is enabled by technologies that automatically analyze and reveal data that helps us understand a bad actor's motives and behaviors. With the addition of threat intelligence, we can make faster and better decisions.

Defining your approach to cybersecurity research

The threats today are too great to ignore. Cybersecurity is a business issue — it’s not limited to an IT department. To protect your organization, it’s best to fold cybersecurity research into your approach. By gaining an understanding of what’s happening not only within your organization, but also outside of it, you’ll be better positioned to fight risk and protect sensitive data.

Download research on how cybersecurity leaders approach threats today: Cybersecurity Solutions for a Riskier World