Digital transformation initiatives and hybrid IT increase risk and drive the need for digital risk protection. Threat intelligence programs must accommodate this requirement.

While indicators of compromise (IoCs) and attackers’ tactics, techniques, and processes (TTPs) remain central to threat intelligence, cyber threat intelligence (CTI) needs have grown over the past few years, driven by things like digital transformation, cloud computing, SaaS propagation, and remote worker support. In fact, these changes have led to a CTI subcategory focused on digital risk protection (DRP). DRP is broadly defined as, “telemetry, analysis, processes, and technologies used to identify and mitigate risks associated with digital assets.”

Earlier this month, I examined ESG research on enterprise CTI programs. CISOs are investing here but challenges remain. I’ve also dug into the CTI lifecycle. Nearly three-quarters (74%) of organizations claim they employ a lifecycle, but many describe bottlenecks in one or several of the lifecycle phases.

ESG defined cyber threat intelligence as, “evidence-based actionable knowledge about the hostile intentions of cyber adversaries that satisfies one or several requirements.” In the past, this definition really applied to data on IoCs, reputation lists (e.g., lists of known bad IP addresses, web domains, or files), and details on TTPs.

How digital risk protection drives cyber threat intelligence adoption

The intelligence part of DRP is intended to provide continuous monitoring of things like user credentials, sensitive data, SSL certificates, or mobile applications, looking for general weaknesses, hacker chatter, or malicious activities in these areas. For example, a fraudulent website could indicate a phishing campaign using the organization’s branding to scam users. The same applies for a malicious mobile app. Leaked credentials could be for sale on the dark web. Bad guys could be exchanging ideas for a targeted attack. You get the picture.
It appears from the research that the proliferation of digital transformation initiatives is acting as a catalyst for threat intelligence programs. When asked why their organizations started a CTI program, 38% said “as a part of a broader digital risk protection effort in areas like brand reputation, executive protection, deep/dark web monitoring, etc.” The research also indicates that 98% of enterprises now have some form of DRP in place.

Most important digital risk protection functions

To delve further into DRP, ESG asked security professionals to define the most important DRP functions at their organizations. Here are the top six responses:

Vulnerability exploit intelligence: Vulnerability management programs regularly reveal hundreds or thousands of software weaknesses, but how do you decide which ones to mitigate first? By knowing which vulnerabilities the bad guys are exploiting. DRP can align vulnerabilities and known exploits, providing useful intelligence for patching prioritization. Note that this can also be done with risk-based vulnerability management tools (e.g., Cisco/Kenna, Ivanti, or Tenable).

Takedown services: The UK National Cyber Security Center defines takedown services as follows: “Takedown services aim to reduce the return on investment for attackers by removing sites and blocking any attack infrastructure to limit the harm that these attacks can cause.” When fraudulent phishing sites or mobile applications are discovered, takedown services are the shortest path toward risk mitigation.

Leaked data monitoring: Whether it’s an insider attack, employee negligence, or sloppy behavior, data leaks are all too common. DRP seeks out leaked data before it can lead to corporate damage.

Malicious mobile application monitoring: So-called “grayware” can corrupt user devices or sully an organization’s reputation.
DRP intends to find and squash them on legitimate and underworld app stores.

Brand protection: Brand protection safeguards the intellectual property (IP) of companies and their associated brands against counterfeiters, copyright pirates, patent infringements, etc. These may be associated with phishing sites or even phony physical goods. DRP scans the Internet for imposters, fakes, and scams.

Attack surface management (ASM): ASM is the continuous discovery, monitoring, analysis, and remediation of all assets on the attack surface. In some cases, ASM is included as part of DRP services.

DRP can also include dark web monitoring for gossip about an organization and potential targeted attack planning. This intelligence can help organizations get their shields up. Rather than spin up a DRP program, many use DRP service providers like CrowdStrike, Cybersixgill, Digital Shadows (Reliaquest), Intsights (Rapid 7), Mandiant, Proofpoint, and ZeroFox.

Regardless of its form, DRP must be part of a mature cyber threat intelligence program. Before folding these two areas together, CISOs should approach DRP with a threat intelligence lifecycle approach. Successful DRP programs will be driven by the creation of clear priority intelligence requirements (PIRs), strong analysis, customized intelligence reports, and continuous feedback.