Toward new possibilities in threat management

Unifying threat intelligence and sharing in the cloud

Most business leaders know that they are responsible for cybersecurity and privacy threats, wherever and whenever they occur across their enterprise systems. To meet that responsibility, a real-time threat-intelligence and information-sharing program is needed.

The challenge? Threat management is a multifaceted, complex discipline that relies on multiple interconnected systems to gather, correlate and analyze threat information from disparate sources. A cloud-centric approach can help reduce complexities by combining analytics from multiple sources and solutions without compromising data security. The cloud model delivers computational power to monitor and analyze all digital interactions and create a unified repository of information to yield actionable intelligence.

A cloud-based threat-intelligence program can help defend against intrusions before they occur. Ultimately, this will help build competitive advantages by protecting customer data, business assets and brand reputation.

Moving toward new possibilities with advanced technologies

Many organizations are proactively adopting or updating key technologies that are essential to gathering and analyzing threat intelligence. Few capabilities are more fundamental to proactive threat intelligence than real-time monitoring and analytics. This year, more than half of respondents say they actively monitor and analyze threat intelligence to help detect risks and incidents.

These technologies provide contextual awareness of threats and an understanding of the tactics, techniques and procedures of adversaries. When analytics and threat intelligence are synthesized in the cloud, it becomes possible to create a single source of enterprise-wide data.

Another trend lies in adaptive authentication. As IT systems capture increasingly more information, businesses are starting to leverage additional data points to identify suspicious behaviors and patterns. Adaptive authentication uses data such as the user’s login time and location, patterns of access and type of device to detect aberrant activity.

There is no off-the-shelf solution for adaptive authorization. Instead, it combines existing tools such as security information and event management (SIEM) to create a risk profile. 

Tapping into a network of information-sharing resources

As cyberthreats become increasingly sophisticated, many organizations are sharing critical threat intelligence with business peers, industry groups and government agencies to collectively advance cybersecurity intelligence and capabilities.

Information sharing can provide actionable intelligence that enables organizations to gain visibility into their most relevant risks and more quickly detect and respond to incidents. To be truly effective, the information-sharing system should be able to ingest data, analyze activity, classify and validate threats, and push alerts—all in real time. It should also deliver contextual information about how threats impact an organization’s specific environment.

As with any new platform that aims to be interoperable with multiple disparate systems, data types and external organizations, there are considerable challenges. Chief among them is a lack of a unified framework for information sharing.

Contact us

Alexei Okishev

Partner, Digital Solutions Development Center Leader, PwC Russia

Tel: +7 (495) 967 6000

Vitaly Sokolov

Partner, Risk Assurance, Cybersecurity Leader, PwC Russia

Tel: +7 (495) 967-61-53