How to Begin Your Security Intelligence Journey

Posted: 17th December 2019

Editor’s Note: Over the next several weeks, we’re sharing excerpts from the newly released second edition of our popular book, “The Threat Intelligence Handbook: Moving Toward a Security Intelligence Program.” Here, we’re looking at chapter 14, “Moving Toward a Security Intelligence Program.” To read the entire chapter, download your free copy of the handbook.

Contextualized, real-time security intelligence helps everyone in cybersecurity — no matter the team or department — better anticipate threats, respond to attacks faster, and make smarter decisions on how to reduce risk. Intelligence can be applied to numerous facets of an organization’s security strategy to enable a shift toward a more proactive, comprehensive approach.

As the military strategist and Taoist philosopher Sun Tzu once said, “Know your enemy and know yourself, and you can fight a hundred battles without disaster.” This famous quote perfectly sums up security intelligence — an approach that amplifies the effectiveness of security teams and tools by exposing unknown threats, informing better decisions, and driving a common understanding to ultimately accelerate risk reduction across the organization.

The security intelligence philosophy stands on three principles: threat intelligence, digital risk protection, and third-party risk reduction. Adopting this philosophy empowers organizations to get real insights into the risks they face, and streamline how their teams work to make better use of valuable human resources.

The following excerpt is a recap of our handbook’s final chapter, edited for length and clarity. We hope you’ll find the handbook’s practical information and advice useful as you make the shift toward a security intelligence program.

The 3 Principles of Security Intelligence

The security intelligence philosophy means leading with intelligence across threat prevention, third-party risk management, and brand protection strategies — these principles can either stand alone to streamline your efforts, or work in harmony to accelerate your risk reduction exponentially. This approach is rooted in three principles:

1. Threat intelligence must provide the context to make informed decisions and take action.

Threat intelligence needs to be timely, clear, and actionable. It has to come at the right time, in a form that is understandable. It should enrich your knowledge, not complicate the decision-making process. It should help put everybody in your organization on the same page.

2. Machines and people work better together.

Machines can process and categorize raw data exponentially faster than humans. On the other hand, humans can perform intuitive, big-picture analysis much better than any artificial intelligence — as long as they’re not overwhelmed with sorting through huge data sets and doing tedious research. When people and machines are paired, each works smarter, saving time and money, reducing human burnout, and improving security overall.

3. Threat intelligence is for everyone.

No matter what security role you’re in, threat intelligence makes a difference. It’s not a separate domain of security — it’s context that helps you work smarter, whether you’re staffing a SOC, managing vulnerabilities, or making high-level security decisions. But to make things easier, not harder, threat intelligence should integrate with the solutions and workflows on which you already rely, and it should be easy to implement.

Whether you are just kicking off your security intelligence initiative or you are many years into your strategy, efficiently reducing risk is the ultimate goal.

Get the Threat Intelligence Handbook

Intelligence is not “one size fits all.” The security applications of threat intelligence in your business depend on the nature of your organization and your existing information security strategies and capabilities. Read the full chapter for a quick reference guide, which outlines a range of intelligence goals aligned with specific security teams. You can use these goals to help identify and prioritize your security activities.