Why CISOs Are Investing in Cyber Threat Intelligence
October 15, 2014 • Greg Barrette
Recently, we had the wonderful opportunity to host a webinar featuring Threat Intelligence Expert and Principal Analyst, Rick Holland of Forrester Research, Inc. Rick discussed why a chief information security officer (CISO) should invest in cyber threat intelligence. Here are some highlights from the webinar.
75% Say Threat Intelligence is a Top Security Priority
Forrester’s threat intelligence survey found that establishing and improving threat intelligence is a top security priority, with 75% of respondents answering in the affirmative. The practice of threat intelligence is seen as both established and emerging, touching many key industry verticals including defense, industrial, oil and gas, financial services, pharmaceutical, healthcare, and retail. Rick noted that many information security teams are on a shopping spree, buying threat intelligence tools (feeds, platforms, etc.) left and right. Rick urged caution before investing, however: he advises spending money when your team is ready and not chasing “silver bullets.”
Strategic Intelligence Program is Essential
It’s critical for organizations to build a strategic intelligence program. This doesn’t mean just going out and buying a bunch of feeds! Programs will differ from company to company but every purchase should serve a business purpose. Your intelligence strategy must answer critical business questions. For example, what threats are you trying to protect against? Which assets and people need to be protected?
To help answer these questions, one needs to distinguish between strategic intelligence and operational intelligence.
Strategic intelligence has a broader scope, providing information that allows an organization to make smart, proactive decisions. An example may be a specific threat actor that poses a risk to your business. Operational intelligence is more technical in nature and includes information related to the current conditions in the threat landscape. An example may be a malicious IP address or domain name your security infrastructure should be aware of and defend against.
A successful strategy incorporates both dimensions. Rick explains in detail the key building blocks of a threat intelligence program starting with the “Intelligence Cycle.”
How to Win With Threat Intelligence
For you to leverage threat intelligence successfully, your program must proactively anticipate attacks and provide countermeasures to prevent or reduce the threat’s ability to operate.
Threats don’t always exist within a vacuum! There can be warning signs from internal and external sources. Internal indicators may include operating in a new geography or rolling out a new product. External indicators may involve recent hacktivist activity or geopolitical tensions.
To get all of Rick’s insights in full detail, check out our on-demand webinar, “Why CISOs Are Investing in Cyber Threat Intelligence.”