Ready, Set, Intelligence: Black Hat 2019 Recap
August 16, 2019 • Ellen Wilson
If you attended Black Hat 2019 in Las Vegas last week, you may have noticed a new interactive game at the Recorded Future booth: Ready Set Intelligence.
Hundreds of security professionals raced against the clock to answer everyday security questions using the Recorded Future Portal. Over the course of the two-day event, attendees not only walked away with exclusive prizes, but also with a new understanding of what it means to be “ready” and “set” for integrating intelligence into their security processes.
And luckily, as our game showed, it’s not as complicated as you may think.
Intelligence, Exclusively for Everyone
Threat intelligence is about giving security professionals in any role, and with any amount of experience, the context and information they need to respond quickly and proactively to threats. So, organizations that are looking to improve their threat research, analysis, and response times can consider themselves “ready” for implementing intelligence, especially if they have a clear understanding of their current security processes, technology, and the areas where intelligence could make the most impact and drive faster, more informed decisions.
For the SOC, this could mean more context for faster alert triage. For vulnerability management, it means evidence-based prioritization of patching. The list goes on and on for all security roles, and even extends beyond the security team altogether. Because security and risk management isn’t just the security team’s responsibility — it’s everyone’s.
For example, many departments, such as finance and legal, are involved in assessing the risk stature of a potential third party. Third-party risk is just one aspect of a vendor’s risk profile that must be communicated and understood by the rest of the organization to develop a risk-free relationship with vendors. So for the teams involved in third-party risk management, intelligence could provide evidence-based scoring of an organization’s risk stature, allowing them to remediate any concerns before finalizing a business relationship.
With so many uses for intelligence in your organization, you may be wondering where to start. The answer, like in our Black Hat game, is straightforward: start simple. Pick the workflow where you think your team would see the most impact using a threat intelligence solution in place of manual threat research.
For many Recorded Future clients, this first workflow is alert triage. SIEMs generate thousands of security alerts each day, and it’s just far too much information for SOC analysts to research and process manually. In fact, nearly half of alerts go completely uninvestigated. But by enriching internal alerts with external threat intelligence, security teams gain unique insights to triage alerts faster.
Recorded Future arms analysts with this vital external information by using an automated approach for threat intelligence collection. We gather data from the broadest set of sources and use natural language processing and analytics to connect disparate data points across the web, then aggregate these data points into intelligence that’s surfaced in real time wherever you need it.
Armed with real-time risk scores for indicators, SOC analysts can quickly determine which alerts should be prioritized first and easily dive into more information if further investigation is required. And by reducing this triage and investigation time, SOC analysts can now resolve more incidents faster — in fact, 63% faster — and spend more of their time on higher-value work, such as optimizing even more security processes with intelligence.
No matter your security role, threat intelligence can help you get the answers you need, when and where you need them. It’s really as simple as Ready, Set, Intelligence.
For more information on how you can get started with threat intelligence in your organization, download our complimentary e-book, “5 Ways to Supercharge Your Security With Threat Intelligence.”