Close

See How Your Peers Are Moving Forward in the Cloud

New research from CDW can help you build on your success and take the next step.

Click Here to Read the Report
Nov 25 2024
Security

Review: Discover Risks Before They Worsen with Google Threat Intelligence

Its ability to analyze billions of threats and personalize that data for a healthcare environment makes Google Threat Intelligence a powerful asset.
by

John Breeden II is an award-winning reviewer and public speaker with 20 years of experience covering technology.

Malicious actors targeting healthcare organizations are a given these days. The value of patient data is as good as gold for planning secondary attacks. Plus, cybercriminals know that many smaller hospitals are underfunded and understaffed when it comes to IT security, which make them a tempting target for ransomware.

However, simply adding more security platforms on top of existing defenses may not help if the threats arrayed against healthcare are not fully addressed and tracked.

That is where the Google Threat Intelligence platform can provide an invaluable and powerful service. Deployed through the cloud, it tracks billions of threats and bad actors every single day, analyzes them and directs highly specific, actionable intelligence to protected organizations.

Click the banner below to learn why cyber resilience is essential to healthcare success.

x-cyberresillience3-static-2024-na-desktop x-cyberresillience3-static-2024-na-mobile

 

Google Threat Intelligence Offers Much-Needed Insights

At the heart of the platform, Google Threat Intelligence uses four key elements to keep track of global threats. First is the Mandiant Intel Grid, which was recently purchased by Google. That real-time network consists of more than 4 million guest instances set in over 100 countries. Those instances are attacked thousands of times every hour. Additionally, attack information gathered from Gmail and Google Chrome, plus everything submitted through VirusTotal, is added to the tracker. That makes for possibly the world’s biggest network for captured threat intelligence.

All of that raw intelligence would easily overwhelm almost any security team. Thankfully, Google Threat Intelligence lets users personalize their feeds and power their dashboards based on industry, location and other factors. For example, in testing, I set up my feed as if I were a healthcare facility operating in the U.S. That gave me a wealth of intelligence about threat actors, active campaigns and tactics being used by real adversaries trying to disrupt healthcare operations.

Google Threat Intelligence

 

A Powerful Platform to Bolster Healthcare Security

The threat intelligence can be further customized to include all of the public-facing assets at a healthcare facility so that active campaigns can be quickly and easily matched with existing infrastructure and security. For example, I could easily see if my test hospital had any infrastructure that was being targeted by active threats aimed at healthcare in my area, discover how those bad actors implemented attacks in other places, and learn how to inoculate and monitor my systems against any similar attacks.

The security landscape for providers will only become more challenging, but knowing your enemy is half the battle. Google Threat Intelligence will ensure that no healthcare facility is caught by surprise when attacked. Instead, malicious actors will find a well-informed and properly designed defense ready to protect this critical industry.

SPECIFICATIONS

PRODUCT TYPE: Cloud-based threat intelligence platform
DEPLOYMENT: Software as a Service
CAPABILITIES: Personalized threat intelligence, attack surface management, post-breach analysis tools
THREAT INTEL SOURCES: Chrome Safe Browsing, VirusTotal, Mandiant Threat Intelligence, Gmail (phishing)
ADDITIONAL FEATURES: Dark web and website spoof monitoring

Threat Hunting with a Powerful Partner

Google Threat Intelligence is extremely effective when it comes to preventing attacks, but the platform is also an invaluable resource for threat hunting.

Threat hunting is one of the most difficult tasks in cybersecurity. Security analysts who do this work follow their hunches to uncover evidence of intrusions or threats that may not have triggered any alarms. They take seemingly unrelated events and piece them together as a detective would. It’s hard work, but when successful, the reward is stopping potentially devastating attacks before they can strike.

Often, threat hunters have to act alone. But Google Threat Intelligence, with its rich data sets and interactive dashboards, makes for a perfect partner in that endeavor.

DISCOVER: Purple team exercises enhance threat management strategies.

In testing, my network beaconed out to a strange URL once in the middle of the day. Using that small amount of data to launch my investigation, I first examined the URL to see if it was malicious. I also checked to see if the site was being used or was owned by any known threat actor group or if it was previously tied to any malware.

Looking at the beaconing behavior itself, I could compare the asset in question and the techniques being employed to known threat actors. I could also discover any similar behaviors happening in the network. Finally, I could compare that activity to the timelines of active threat campaigns to see if they matched; yet another indication that an attack, or its precursor, was underway at my pretend facility.

A talented threat hunter might have put together the same picture of that attack, including most of those elements, but it would not have been easy and would certainly have taken a lot of time without Google Threat Intelligence. The platform not only cuts down the time needed by threat hunters to confirm an intrusion and start remediation but also frees up IT professionals’ time to perform more investigations critical to cybersecurity.

More On

Related Articles