First Things First: Define Your Threat Intelligence Program
Posted by Jarrod Siket
If you look at the stats that Jon Oltsik, ESG senior principal analyst, cites in his article about operationalizing threat intelligence, you’ll quickly see that a third of all organizations ESG surveyed are having a heck of a time getting the results they want from threat intelligence.
The first reason Oltsik points to is that they haven’t rationalized their threat intelligence program.
Simply put, they aren’t able to get their arms around what threat intelligence to buy and how to use the assortment of threat intelligence feeds they already have. And, I would add, they haven’t approached threat intelligence with a full appreciation for the role it can play in their organization.
For years security analysts have focused on front line defenses – being tactical and reactive. They’ve lacked the ability to be proactive by applying a higher level of intelligence to emerging threats. It reminds me of the disadvantage boxers had against Muhammad Ali, who famously quipped, “Float like a butterfly, sting like a bee, your hands can’t hit what your eyes can’t see.” To thwart Ali you had to be able to anticipate the unlikely path he’d take to knock you down and literally beat him to the punch.
As a security analyst you need to do the same. As Couch explained in his post, conversations now need to shift from “we blocked a million events this month” to “we stopped ransomware attacks which would have cost the company $2M.” That’s one of the ways a threat intelligence program can help you beat adversaries to the punch.
To rationalize your threat intelligence program, Oltsik advises that you start by understanding who consumes what type of threat intelligence and for what purpose. From there you can identify any gaps and inefficiencies so you can build a program that meets the needs of all your stakeholders, not just security but compliance, risk and executive management. There are a few more steps along the way to operationalizing threat intelligence, but it begins with a solid threat intelligence program. Check out the article to learn more.