When implemented and managed properly, threat intelligence is one of the cornerstones of a sound cyber security strategy. The trouble? So many organizations are unable to integrate it correctly.
Dark Reading contributor Ericka Chickowski offered an insightful piece on just this realization. Her story, “5 Reasons Enterprises Don’t Get Enough Value From Threat Intelligence,” outlined five areas organizations need to focus on to truly realize the benefits of their investment and commitment to greater cyber security.
Chickowski provides data that suggests that not only is the market so flooded with different products with the “threat intelligence” label, but there are also real issues with the data that is collected. It’s simply not actionable. It’s also no secret that collecting and analyzing massive data is a major challenge for many security operations teams.
The suggestions also outline challenges around data sources, contextualization and responsibility. It’s a sound list. But Armor offers three additional considerations that provide valuable context for organizations seeking methods to optimize their threat intelligence strategies.
- Tool Configuration: The best tools in the world will be wholly ineffective if they aren’t configured and integrated properly. To have a true impact on your business, translate your data feeds into actionable intelligence to strengthen your greater security posture.
- Collective Intelligence: Threat feeds are one source of intelligence. Your personal data is another. Assuming your organization has built an actionable threat intelligence process, also consider integrating and learning from hundreds or thousands of real-world examples. This shared learning will make your organization that much more effective against advanced threats. Be careful not to overextend your security team with even more data that can’t be processed.
- Lack of Proactive Intelligence: Inbound data feeds are important, but you may miss significant indicators of compromise if you remain idle waiting for insights to present themselves. Hint: they won’t. Build proactive processes that seek out intelligence in hidden places (e.g., Dark Web).This approach will help you discover company threats (e.g., mentions of domains, products or company) and technology threats (e.g., products you use) that will help you defend your organizations before threat actors are able to execute a targeted attack.