Threat Intelligence Done Right Can Transform Your Security, so What Are You Waiting For?
By Chris Pace on June 12, 2018
There’s an old saying that goes, “What you don’t know can’t hurt you,” but in the digital age where cyber threats look to sneak under the radar and operate undetected in your organization, it’s really never been more untrue. Valuable insights into the machinery being used to attack you or the motivations of the attackers themselves have become useful tools to proactively defend your business from ongoing or emerging attacks.
Using intelligence gathered from beyond your network perimeter would seem like a no-brainer then, especially when we consider the advantages that this kind of information can bring to a wide number of functions in your security program.
There are two potential routes that are most commonly taken on a journey to implementing threat intelligence:
1: Centralized Threat Intelligence Team
This method means building out a team responsible for the analysis and delivery of threat intelligence. Usually, this will require some significant investment and the expertise of experienced analysts, but could potentially be outsourced to a trusted service provider. You can find out more about setting up this kind of team from our white paper, “How You Can Produce a World-Class Threat Intelligence Capability.”
2: Threat Intelligence Integrated in Security Roles
In this approach, rather than asking dedicated threat analysts to produce intelligence, you put the right intelligence in the hands of security professionals as part of their day-to-day job. The real advantage here is the speed with which you can begin to see value from threat intelligence. And the absolute priority in this particular methodology is ensuring that this intelligence is consumable for each particular security role.
We’re going to look more closely at the second route, so you can see the benefit of adding threat intelligence to a variety of different roles and how quickly you can begin to integrate threat intelligence into your own security program.
Threat Intelligence for Everyone
The idea that any role in security can make immediate use of threat intelligence might seem like a pipe dream, but actually, this all comes down to how relevant and understandable that intelligence is. Here are a few examples of how a number of different roles can integrate threat intelligence into their existing workflows:
Security Operations — Intelligence that integrates with existing security platforms adds vital context to alerts from internal event and log data.
Incident Response — External threat intelligence arms the incident responder with vital context. This knowledge can hugely accelerate the initial phases when responding to an incident.
Vulnerability Management — Patch managers and other vulnerability management professionals can augment vulnerability scanning with real-time context around CVEs, helping them prioritize patching with insights into proofs of concept, exploits, and malware.
CISOs and Security Leaders — Threat intelligence helps to build a picture of the threat landscape, accurately calculate cyber risk, and arm security personnel with the intelligence and context they need to make better, faster decisions.
By combining internal and external data points, genuine intelligence can be produced that is both relevant to your organization and placed in the context of the wider threat landscape.
If you want more detail on how intelligence can be used by these roles in security, you can download our free white paper, “Busting Threat Intelligence Myths: A Guide for Security Professionals.”
But if we’re talking about how quickly this intelligence can be incorporated into your security, we do need to consider how to add it to existing infrastructure.
Not Another Time-Consuming IT Deployment
Having got this far, you might be thinking that while this sounds like a leap forward in your security, it’s bound to mean a time-consuming, invasive, and potentially expensive process to make it work with the technology you already have. Actually, this is one area where external threat intelligence has a significant advantage: quick integration with existing security software.
Due to the massive volume of available data, both internal and external, human security teams are simply unable to keep up with basic tasks. Machines, on the other hand, can perform this type of task with ease, so long as they have the data necessary to do so, which is why integration between threat intelligence solutions and other security systems works so well.
Because you’re simply adding a layer of intelligence that other technologies can use to correlate against or to enrich basic data, it’s perfectly suited to integrating with SIEM, incident response, and vulnerability management solutions.
Super Powers for Security Staff
By adding this layer of intelligence we’ve described into the work that your teams are already doing, you can improve their capabilities, enabling them to more effectively prioritize threats, deal with alerts, and investigate indicators. This extra intelligence leads to more confidence in your teams’ work. But that’s not all — you also improve the efficiency of these teams, as this consumable intelligence makes them faster too.
This integration of intelligence into existing teams and technologies means you don’t necessarily need to make more investments in personnel or expertise, as you’re more effectively equipping your existing teams and making the most of the technology they already have.
Where Would You Start?
You certainly don’t need to add intelligence to all of the functions that can benefit immediately, but you can focus on areas in which intelligence might make the biggest impact, for example, using intelligence to streamline your vulnerability management.
You should look for places where the advantages of an integration with security software you’ve already invested in would make the most sense. If you’ve already made a significant investment in a SIEM that is heavily used, you’ll likely get the most from adding threat intelligence there.
For more advice on the areas where threat intelligence might rapidly make a difference in your security program, take a look at our free guide, “5 Reasons to Integrate Threat Intelligence Into Your Security Right Now.”