New security methodology shifts threat response left, giving security teams a serious edge
Sixgill, a leader in threat intelligence enablement and enrichment, has pioneered a preemptive incident response methodology, Continuous Investigations/Continuous Protection (CI/CP). The CI/CP framework empowers security teams to respond to threats in real time and then continuously improve their security protections, proactively disrupting future attacks. It is enabled by developments in automated threat intelligence and enhanced investigative processes.
“The same old, reactive ways of doing things are no longer adequate,” said Omer Carmi, Vice President of Intelligence at Sixgill. “Just as the world of agile development taught engineers to move fast at the pace of business, CI/CP presents a new standard that meets the needs of contemporary security ecosystems, in which threat actors can execute attacks and test defenses in milliseconds.”
Implementing CI/CP enables security teams to respond to threats with the most up-to-date intelligence picture and then generate fresh, relevant intel to further enhance incident detection, prevention, and response. The methodology is centered around an infinity loop that relates singular threats to the larger security landscape, improving the performance of security teams, platforms, and processes.
The CI/CP framework relies on real-time threat intelligence processes to empower a full cycle of agile responses. Automated processes seamlessly collect, analyze, research, and respond to intelligence incidents. Layered on top of automated processes is a research protocol that builds human judgment into threat response. By following CI/CP, analysts can quickly investigate the cause of a security incident and integrate this intelligence into their security practices.
“CI/CP consolidates threat data into an agile, investigative, contextual framework that modernizes security practices,” Carmi said. “This is a way of doing things that can break the security silos that exist between IT, the SOC, MSSPs, and third-party vendors, reducing costs and adding new capabilities while accelerating incident response.”