Why CISOs Are Investing in Cyber Threat Intelligence

October 15, 2014 • Greg Barrette

Recently, we had the wonderful opportunity to host a webinar featuring Threat Intelligence Expert and Principal Analyst, Rick Holland of Forrester Research, Inc. Rick discussed why a chief information security officer (CISO) should invest in cyber threat intelligence. Here are some highlights from the webinar.

75% Say Threat Intelligence is a Top Security Priority

Forrester’s threat intelligence survey found establishing and improving threat intelligence is a top security priority with 75% of respondents answering in the affirmative. The practice of threat intelligence is seen as both established and emerging, touching many key industry verticals including defense, industrial, oil and gas, financial services, pharmaceutical, healthcare, and retail. Rick noted many information security teams are on a shopping spree, buying threat intelligence tools (feeds, platforms, etc.) left and right. Although, Rick offered caution before investing. He advises to spend money when your team is ready and avoid chasing “silver bullets.”

Strategic Intelligence Program is Essential

It’s critical for organizations to build a strategic intelligence program. This doesn’t mean just going out and buying a bunch of feeds! Programs will differ from company to company but every purchase should serve a business purpose. Your intelligence strategy must answer critical business questions. For example, what threats are you trying to protect against? Which assets and people need to be protected?

To help answer these questions, one needs to distinguish between strategic intelligence and operational intelligence.

Strategic intelligence has a broader scope, providing information that allows an organization to make smart, proactive decisions. An example may be a specific threat actor that poses a risk to your business. Operational intelligence is more technical in nature and includes information related to the current conditions in the threat landscape. An example may be a malicious IP address or domain name your security infrastructure should be aware of and defend against.

A successful strategy incorporates both dimensions. Rick explains in detail the key building blocks of a threat intelligence program starting with the “Intelligence Cycle.”

How to Win With Threat Intelligence

For you to leverage threat intelligence successfully, your program must proactively anticipate attacks and provide countermeasures to prevent or reduce the threat’s ability to operate.

Threats don’t always exist within a vacuum! There can be warning signs from internal and external sources. Internal indicators may include operating in a new geography or rolling out a new product. External indicators may involve recent hacktivist activity or geopolitical tensions.

To get all of Rick’s insights in full detail, check out our on-demand webinar titled, “Why CISOs Are Investing in Cyber Threat Intelligence.”

New call-to-action

Related Posts

6 Ways to Supercharge Your Risk Reduction With Recorded Future in 2020

6 Ways to Supercharge Your Risk Reduction With Recorded Future in 2020

February 19, 2020 • The Recorded Future Team

Today, Recorded Future announced plans to introduce new modules designed to help security and IT...

Why ServiceNow and Recorded Future Are Better Together

Why ServiceNow and Recorded Future Are Better Together

February 18, 2020 • The Recorded Future Team

Your organization’s security operations and incident response teams are hard at work keeping the...

The Definitive Guide to Reducing Risk: Launching at RSA Conference 2020

The Definitive Guide to Reducing Risk: Launching at RSA Conference 2020

February 12, 2020 • The Recorded Future Team

What’s the best approach to enterprise security The prevailing consensus in the industry has...