Businesses look to fusion centers to tackle cyber intelligence overload

Companies are increasingly automating the analysis of cybersecurity threats alongside other types of risks through so-called fusion centers, as the sheer amount of information received daily from various sources threatens to overwhelm human analysts. .

Usually, security teams comb through tons of alerts from governments, cybersecurity vendors, and nonprofit intelligence-sharing consortia to prepare their defenses.

Businesses can receive hundreds of thousands of data points in a single day, said Anthony Belfiore, director of security at professional services company Aon PLC, which means trained staff are often busy sifting through data points. intelligence on threats that, within large organizations, may become isolated. Aon launched a fusion center late last year to bring together different teams and analyze threat data using machine learning, Belfiore said.

“It’s much better to have your intelligence on an impending attack an hour after it hits the wires, where it would normally take a large company two to three days to find it,” he said. . “Some guys are two weeks away.”

The move to an automated platform, he said, allowed him to reassign at least four full-time security staff to other tasks, such as incident response and application security.

The fusion center model is proving to be the most popular among large enterprises, many of which have an international footprint and face broad threats to physical security and cybersecurity. Recently, the damage that cyber attacks can cause has become evident as businesses in the United States and abroad have rushed to respond to high-profile hacks from Texas-based software provider SolarWinds. Corp.

and Microsoft Body

Exchange Server software.

MasterCard Inc.

opened its first fusion center in Saint-Louis in 2017, said security director Ron Green, adding that the company opened another in Belgium last year and is planning a third in the Asia-Pacific region. The financial services firm’s merger center, which Green says led the response to the SolarWinds attack, shares information with dozens of other organizations.

“It’s like a network of connectivity between fusion centers,” Green said. “Since our fusion center sees something that affects one of our partners, we will share that with the partner, and our partners will share what they see with us. “

Learn more about professional cybersecurity

State and local authorities began building a nationwide network of fusion centers – numbering 79 today – after the terrorist attacks of September 11, 2001, in an attempt to share data and coordinate responses with the Department of internal security. Some civil liberties advocates have criticized the model as opening the door to extended surveillance.

While officials at nearly all government-run fusion centers consider the fight against terrorism a priority, according to a DHS survey released last year, a growing number of people are also seeing cybersecurity and critical infrastructure as a priority. key areas.

U.S. officials have separately called for more cyber collaboration with the private sector, including through fusion centers.

At Mastercard, bringing together representatives from 26 teams helped the company analyze the threat of Covid-19 phishing campaigns and share the information internally, Green said. The company’s fusion center, which relies on departments such as security, legal and communications, produces quarterly threat reports and can create task forces around specific incidents.

“They act as a single unit rather than 26 different units,” Mr. Green said.

While sorting cyber information is the foundation of Aon’s platform, Belfiore said the company plans to incorporate other information about risks that could be part of cybersecurity. Data on geopolitical risks, for example, physical security alerts, information on natural disasters and other developments can all be analyzed in the same way and will often involve each other.

“All of these different factors can really give you a much better idea of ​​your actual risk in an operating model,” he said.

Write to James Rundle at [email protected] and David Uberti at [email protected]

Copyright © 2021 Dow Jones & Company, Inc. All rights reserved. 87990cbe856818d5eddac44c7b1cdeb8

About Donald J. Beadle

Check Also

QCRI builds cyber intelligence platform to defend against security threats

Dr Issa Khalil Doha: Scientists from the Qatar Computing Research Institute (QCRI) at Hamad Bin …