Threat Intelligence: Music or Noise?


During my college days, I played guitar in a band and it was rarely easy. Practicing in my bedroom so that I could learn how to play the song correctly was difficult, but with time I sounded pretty good. However, delivering that same song in a harmonious way when playing with the entire band was another story. We had to adjust a lot in order to create the perfect sound, and so we spent a lot of time disagreeing on details. Fortunately, we had a strong band leader who was able to make decisions and define a clear direction.

There are a lot of similarities between threat intelligence and the music world. Threat intelligence is made up of multiple, aggregated threat data points (music notes) turned into relevant intelligence for your organization (your own music track). This music track should represent your own way of building and consuming threat intelligence in order to combat the threats that matter most to your organization in a holistic and synchronized way. Each organization should play its own music track and nobody can write it for you. It has to come from your own internal artists, even if they are inspired by others most of the time.

The main challenge today in creating this music track stems from the fact that your musicians are organized in silos (the CSIRT, SOC, Risk Management, Vulnerability Management, Endpoint, Perimeter team, etc.). Each of these teams plays a different instrument that is supposed to add beauty to your music, but they all gather their music sheets from their own sources in various formats and rhythms and start playing without considering the band.

At the end of the day, you get noise and inefficiency.

A Threat Intelligence Platform is designed to aggregate the music notes coming from all available sources (external inspiration and internal touch), ingest all possible music sheets from any format and rhythm, and then turn these raw notes into one unique music track to be played by the entire band with your own arrangements. This music track evolves in real time, as relevant threats are a moving target, modified daily by your own threat detection and feedback. The Threat Intelligence Platform also ensures that all musicians receive in real time the specific music sheet they need for their instrument (SIEM, IR Ticketing, Web Proxy, EDR, etc.).

Much like our band leader did for our band back in college, with a threat intelligence platform your band can play harmonious music, efficiently.





About ThreatQuotient™

ThreatQuotient™ understands that the foundation of intelligence-driven security is people. The company’s open and extensible threat intelligence platform, ThreatQ™, empowers security teams with the context, customization and prioritization needed to make better decisions, accelerate detection and response and advance team collaboration.