Moving Toward a Security Intelligence Program
October 29, 2019 • The Recorded Future Team
For the past 10 years, Recorded Future has focused on empowering organizations to take a proactive approach to cybersecurity. We’ve done this by collecting and analyzing threat data from the broadest range of sources and producing threat intelligence to help organizations gain insight into the intentions and techniques of cyber adversaries. This enables them to work smarter and stop threats faster. Since the beginning, our work has been grounded in three fundamental ideas:
1. Threat intelligence must provide the context to enable informed decisions and take action.
Threat intelligence is knowledge that allows you to prevent or mitigate cyberattacks. To be effective, threat intelligence needs to be timely, clear, and actionable. It has to come at the right time, in a form that is understandable. It should enrich your knowledge, not complicate the decision-making process. It should help put everybody in your organization on the same page.
2. People and machines work better together.
Machines can process and categorize raw data orders exponentially faster than humans. On the other hand, humans can perform intuitive, big-picture analysis much better than any artificial intelligence — as long as they’re not overwhelmed with sorting through huge data sets and doing tedious research. When people and machines are paired, each works smarter, saving time and money, reducing human burnout, and improving security overall.
3. Threat intelligence is for everyone.
No matter what security role you play, threat intelligence makes a difference. It’s not a separate domain of security — it’s context that helps you work smarter, whether you’re staffing a SOC, managing vulnerabilities, or making high-level security decisions. But to make things easier, not harder, threat intelligence should integrate with the solutions and workflows you already rely on, and it should be easy to implement.
Embracing a Broader Security Philosophy
These concepts guide and motivate all that we do at Recorded Future. And today, as organizations become increasingly cloud-based, distributed, and complex in their push for digital transformation, the need for actionable, automated threat intelligence for everyone has never been greater. Yet, as digital businesses continue to evolve, they’re being bombarded with cyber threats from all angles — from the open web and dark web, to partners and third parties, to brand attacks, to internal threats — and digital risk is at an all-time high. Without a true, comprehensive view of their entire threat landscape, organizations are vulnerable to attacks that could disrupt or even completely stop business.
As our team continues to innovate and evolve our solutions to help modern organizations proactively mitigate risk and stay ahead of threats of all kinds, we’ve embraced a broader philosophy for security that addresses holistic organizational risk in the digital age.
Security Intelligence: Greater Than the Sum of Its Parts
We call this comprehensive philosophy security intelligence because it goes beyond just threat intelligence (though threat intelligence remains a key principle), and encompasses digital risk protection and third-party risk management — all powered by our leading technology, the Security Intelligence Graph. This is not new technology for Recorded Future, but it is a new philosophy for how to amplify the effectiveness of security teams and tools. Embracing security intelligence as the common thread in exposing unknown threats, informing better decisions, and driving a common understanding, ultimately enables you to accelerate risk reduction across your organization.
Here is a look at each of the three principles of the security intelligence philosophy:
1. Threat Intelligence
Contextualized threat intelligence is a vital component of any truly proactive security intelligence strategy. Machine learning and automation make it possible to consume and analyze massive amounts of threat data from technical sources, technical research, open sources, and closed and dark sources. By correlating these relevant, real-time insights with internal network data, organizations can drive faster and more informed security decisions.
2. Brand Protection
Fake accounts, apps, and websites are often designed to profit from maliciously redirected or accidental traffic, but they can also result in major damage to an organization’s brand reputation. These accounts can host inappropriate content and target customers with phishing scams. Additionally, these fake domains can host malware or trick users into giving away their credentials, representing a serious security risk to consumers. Comprehensive security intelligence must include brand protection to help organizations quickly identify and respond to reputational threats to their brand and digital risks to their and their customers.
3. Third-Party Risk Management
Digital connections with suppliers, partners, contractors, agents, temporary workers, and others are now so critical that organizations share confidential and sensitive information with 583 parties on average. While these relationships undoubtedly add business value, they also introduce significant new risk and compliance challenges. Contextualized security intelligence helps organizations better analyze and understand risks originating from their third-party ecosystems, so they can address issues more quickly and confidently.
Together, these three principles of security intelligence guide a comprehensive security strategy with broad, actionable intelligence at the foundation. Ultimately, security intelligence helps teams working in security operations, incident response, vulnerability management, risk analysis, threat analysis, fraud prevention, and security leadership make better, faster decisions and amplify their impact.
The newly released second edition of our popular book, “The Threat Intelligence Handbook: Moving Toward a Security Intelligence Program,” offers actionable best practices for organizations shifting toward this comprehensive security intelligence approach. Whether you are just starting a security intelligence initiative or are extending a mature program, the handbook is a must-read to help you efficiently reduce risk.
You can also take a behind-the-scenes look at how the technology behind security intelligence really works and enables security analysts to protect their organizations from present and future threats by downloading our new white paper on the Security Intelligence Graph.
This is only the start. Watch this space, as we will soon be publishing a series of blogs that explore each of these three principles of the security intelligence philosophy, how they reinforce each other, and how they can be addressed with a single technology platform.
Start making your move toward security intelligence today!