The use of threat intelligence to tackle the massive onslaught of cybersecurity threats that plague enterprise computing is no passing fad—it’s not merely a buzzword for your clients to blow past. Those on the front lines of keeping businesses’ computing resources safe from attack are testifying to its importance. As reported at eSecurity Planet, a recent survey indicated that 95 percent of security professionals rely on threat intelligence in some way.
To effectively implement threat intelligence to prevent threats and mitigate damage, strategy is the name of the game. So, what does it take to turn the tools available out there into a functional way to anticipate, assess, and respond to cyberattacks? Knowing the following three components of a threat intelligence strategy will let you build a strategy that protects your customers’ networks and their data.
1. Good Data Sources
Having reliable streams of information about what sort of security events are happening throughout an industry, a geographic region, or a specific type of app or operating system is the foundation of a good threat intelligence strategy. Platforms that enable cross-enterprise intelligence sharing, like cloud-based anti-malware platforms that update threat profiles in real time across all of the businesses that have implemented the tool, are also critical because they allow some of the enormous bulk of the analysis to be automated.
That doesn’t mean, however, that threat intelligence platforms on their own are good enough. The next crucial component of a digital threat intelligence strategy is…
2. Good Threat Intelligence Analysts
In almost any cybersecurity pursuit that’s reliant on analytics, the quality of the people reading the data is at least as important as the quality of the data themselves. We haven’t yet reached a point where the task of interpreting everything that’s happening on the cybersecurity landscape is a fully automated one—and we may never reach it.
Reading threat intelligence relies on both the technical knowledge to make sense of intelligence coming out of different sources and an understanding of what’s going on in the broader cybersecurity world. An analyst reading threat intelligence is asking questions such as: Who are the actors behind the threat, and what are they looking for? Are our current systems adequately protected given what could be coming, and, if not, how should we direct resources? How likely is this threat to impact us specifically? What might this threat’s next move be if the current spate of malware attacks is blocked across the industry?
Threat intelligence isn’t just about determining what attacks are incoming at the moment; it’s about determining how to position resources to harden networks against attacks in the future. That takes an element of speculation, and only analysts who are very tech-savvy, very well-informed, and very personally engaged and creative in their thinking are capable of it.
3. Good Policies, Procedures, and Chain of Command
In order for intelligence to be actionable, there has to be a coherent and consistent way to act on it. This may seem obvious in the abstract, but when you think about how enterprises actually function, it’s easy to see how a threat intelligence strategy can get hung up in this regard. For instance, an analyst might discover that a new type of phishing scam is targeting his or her area of business. But in an enterprise in which the IT department is seen as a silo responsible solely for managing networks and there to just “make things work,” the business will not be able to take adequate steps against the potential threat. Even if it’s someone’s role to read and interpret threat analytics, that person might be resigned to writing reports that will be discussed in a meeting two months down the road, when the need to act on digital security threats is immediate.
In such a case, investments in quality threat intelligence solutions and quality analysts are wasted. To make sure this kind of inefficiency doesn’t hamstring a threat intelligence strategy, the analysts and the IT department should be empowered to act or to authorize action and should be treated as important advisors on setting, evaluating, and updating IT policies.
How have you seen digital threat intelligence effectively implemented?