How Threat Intelligence Helps CISOs Make Better Security Decisions

Posted: 15th May 2018

Key Takeaways

  • Risk management is central to the role of modern CISOs — allocating available resources and budget to best minimize cyber risk.
  • Objectively measuring cyber risk can be extremely difficult, particularly when the threat landscape changes rapidly (as it often does).
  • Threat intelligence provides CISOs with a means of measuring cyber risk in real time.
  • Genuine threat intelligence puts internal data into the context of the wider threat landscape, facilitating faster, better decision making.

There are many misconceptions about threat intelligence.

Some people think it’s just about accumulating threat feeds or PDF reports. Others think it leads to information overload, which is true ... but only when it’s implemented poorly.

Perhaps the most damaging misconception about threat intelligence is that it’s only for elite analysts.

In reality, threat intelligence can help almost anyone within the security function to make better decisions by providing relevant, actionable, real-time intelligence.

And whose decisions have the highest stakes? The CISO (chief information security officer).

CISOs are responsible for every aspect of security. They design the structure of the security function, make key hiring decisions, and determine where their organization’s limited resources will be invested.

And when you’re making so many high-stakes decisions, it pays to have something to base them on.

The CISO’s Top 3 Challenges

Everything a CISO does is, to some extent, governed by risk. Since no person, process, or technology can ever be infallible, effectively managing risk is the only sensible security strategy.

But in attempting to make risk-based decisions, CISOs are faced with three major challenges.

1. Context

Modern security technologies are great at providing huge quantities of data. Firewalls, endpoint security products, spam filters, and a whole host of other technologies all produce alerts that can help a CISO understand the specific strengths and weaknesses of their organization.

Unfortunately, internal data is only half of the equation. Based on purely internal data, most organizations could identify dozens of areas for improvement but would have no idea which is most urgent. For instance, is it more important to invest in anti-phishing training or in EDR? Which team would most benefit from additional personnel? Which processes are outdated and in need of improvement?

Without an understanding of the external threat landscape, CISOs lack the context necessary to make accurate, risk-based decisions.

2. Speed

Risk isn’t a static metric. The level of risk surrounding a specific asset or attack vector rises and falls as the threat landscape fluctuates.

For example, while social engineering is a perennial favorite with threat actors in most industries, other threat vectors such as ransomware have gone in and out of fashion over the past few decades. To make things even harder, the risk posed by a certain attack vector can change dramatically overnight with the discovery of a new exploit or the release of a new malware variant.

As a result, making truly risk-based decisions is functionally impossible unless you understand what the threat landscape looks like right now.

3. Scarcity

No organization, no matter how large or well funded, can defend against every possible attack vector.

Admittedly, scarcity is not a problem unique to the world of cybersecurity. Unfortunately, between the widely publicized skills gap and the sheer number of threat vectors to defend against, the lack of vital skills and resources is nonetheless a huge issue for every CISO.

So when forced to make difficult decisions about where and how to invest limited resources, it’s essential that CISOs have the information and context necessary to make the right decision — in this case, the decision that reduces the organization’s cyber risk profile by the greatest amount.

Making Better, Faster Decisions

So how does threat intelligence solve these problems? By providing CISOs with a powerful way to understand cyber risk in real time.

Threat intelligence provides CISOs with a comprehensive picture of the latest threats, security events, and industry trends. When this is combined (automatically) with internal data, powerful threat intelligence solutions will highlight the most important areas for improvement — which types of vulnerability should be addressed first, which attack vectors pose the greatest threat, which recent security announcements are most relevant to the organization, and so on.

In other words, threat intelligence assists decision making by:

  • Placing internal data into the context of the wider threat landscape, enabling CISOs to identify their organization’s most pressing threats and vulnerabilities.
  • Providing insights in real time, shorn of false positives, ensuring vital decisions aren’t delayed.
  • Helping CISOs allocate scarce security resources by highlighting the most important areas for investment within their specific organization.

The Power of Threat Intelligence for All Security Professionals

At the start of this article, we highlighted a major misconception about threat intelligence: that it’s only for elite analysts.

The truth is very different.

Threat intelligence is about providing security professionals of all specialisms — from vulnerability management and incident response to security operations personnel and CISOs — with the tools and intelligence they need to make faster, better decisions, and proactively respond to the current threat landscape.

To see how threat intelligence can benefit the entire security function, specifically within your organization, read our latest white paper, “Busting Threat Intelligence Myths: A Guide for Security Professionals.”