As I was traveling to SecureWorld's cybersecurity conference in Charlotte this week, I heard something at airport security I haven't heard before: "I need assistance, I've got a no-fly lister!"
It sounded like someone was about to discover they could not board a flight.
It's against this backdrop that I read an article in the Harvard Business Review in which the author proposes your business will be safer if you institute a cyber no-fly list.
What would the list do? Provide threat intelligence: context around all web traffic coming into your network, so you can automatically exclude traffic from known or suspected bad actors.
Here's how challenging a job this has become, according to Hugh Njemanze, CEO at Anomali, who authored the article.
"Based on what threat intelligence platform providers have seen, just four years ago researchers were tracking around 100,000 cyber threat indicators. Today the threat indicators number in the hundreds of millions. A large enterprise easily records over 1 billion network and system events per day. To gain visibility into all active cyber threats in the network, an organization would have to look at all of those events and evaluate them against hundreds of millions of threat indicators. Doing this effectively requires having powerful tools to identify the malicious traffic hidden in vast quantities of legitimate traffic."
In his article, Njemanze also argues there is no "one size fits all" approach. Every company has a unique threat landscape, so each should build its own unique cyber no-fly list.
And he says the more companies that do this using threat intelligence tools, the better the collective intelligence of business will be.
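As an added illustration (not code from the article or from Anomali), here is one way a company-specific no-fly list can be checked against events so that per-event cost depends on the number of distinct prefix lengths rather than the number of indicators. The indicator kinds, the `src=` and `domain=` event fields and all sample values are constructed assumptions.

```python
import ipaddress

class NoFlyList:
    """Indicator set whose per-event lookup cost does not grow with list size."""
    def __init__(self, indicators):
        self.nets = {4: {}, 6: {}}   # ip version -> prefix length -> {network int: indicator}
        self.domains = set()
        for kind, value in indicators:
            if kind == "domain":
                self.domains.add(value.lower().rstrip("."))
            else:  # "ip" or "cidr"; a single address is stored as a /32 or /128
                net = ipaddress.ip_network(value, strict=False)
                self.nets[net.version].setdefault(net.prefixlen, {})[int(net.network_address)] = value

    def match_ip(self, addr):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            return None  # missing or unparseable address: no indicator match
        for plen, bucket in self.nets[ip.version].items():
            shift = ip.max_prefixlen - plen          # host bits to mask off
            hit = bucket.get((int(ip) >> shift) << shift)
            if hit:
                return hit
        return None

    def match_domain(self, host):
        labels = host.lower().rstrip(".").split(".")
        for i in range(len(labels)):                 # the name itself, then each parent
            suffix = ".".join(labels[i:])
            if suffix in self.domains:
                return suffix
        return None

def screen(nofly, events):
    """Return (event, matched indicator or None) for each 'key=value ...' line."""
    results = []
    for line in events:
        fields = dict(p.split("=", 1) for p in line.split() if "=" in p)
        hit = nofly.match_ip(fields.get("src", "")) or nofly.match_domain(fields.get("domain", ""))
        results.append((line, hit))
    return results

# Constructed indicators and events (documentation address ranges, reserved names).
INDICATORS = [("ip", "203.0.113.7"), ("cidr", "198.51.100.0/24"), ("domain", "bad.example")]
EVENTS = [
    "src=203.0.113.7", "src=198.51.100.200",
    "src=192.0.2.10 domain=cdn.bad.example", "src=192.0.2.10",
]
print(*screen(NoFlyList(INDICATORS), EVENTS), sep="\n")
```

Events with a matched indicator are the ones to exclude; the final event matches nothing and passes.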
"The cyber no-fly list approach works because it leverages one of the most effective tools in warfare—intelligence. By knowing in advance who existing and potential foes are, enterprises can take proactive steps to stop them from passing through their gates."
If you use threat intelligence tools now, would you say you have already created a cyber no-fly list, and is it making your network safer?