To Optimize Threat Operations, Start with Customized Scoring
POSTED BY RYAN TROST
Did you know that the threat scores intelligence providers and “blackbox” TIPs provide are generic, global risk scores? They aren’t specific to your company, or even your vertical. That’s one of the reasons why teams can end up wasting a significant amount of time chasing ghost alerts (false positives). You need a way to quickly re-score providers’ intelligence – aligning it to your own risk posture and prioritizing it based on threats specific to your environment – so you get the maximum benefit from threat intelligence. And you need to be able to keep those scores up to date and relevant, reflective of what’s happening.

If you’re a regular reader of our blog, you know that Ryan Trost, our CTO and Co-Founder, has a lot to say about scoring and what it takes to get the right intelligence to the right tools at the right time. Now he’s captured those insights in a new whitepaper, Optimizing Threat Operations: Prioritize Threat Intelligence through Scoring. In this paper you’ll learn about scoring best practices, how to easily customize ThreatQ’s intelligence-scoring algorithm for your environment, and use cases that demonstrate how to discern which threats are real and which are forcing you to chase ghosts.

The design of the intelligence scoring algorithm is based on real-world experience to ensure the algorithm works for teams of various maturity levels. It puts you in control of your own destiny, which makes sense since nobody knows your environment better than you. And you get score transparency, so you always know how the score was calculated and re-calculated as new information is appended to it. See for yourself how threat scoring, when done right, is essential to optimize threat operations for your environment.