Operating on All Cylinders: Why Operational Data Is the Foundation of an Effective Threat Intelligence Program

November 23, 2015 • Caroline Flannery

Data is the foundation of all threat intelligence programs.

Without reliable data, threat analysts cannot find emerging threats to the business. Given the volume of data available from many sources, automated processing of external attack data is critical to the success of a threat intelligence program: ingesting and processing data by hand is unwieldy, time-intensive, and far less accurate than automation. Getting the automation of operational data right should therefore be a high priority for every organization.

“A useful threat intelligence program automates the processing of external attack data from all available sources. This ensures that an organization is aware of external attacks and that internal incidents are identified based on derivative internal searching using the external attack data,” clarifies Recorded Future’s Levi Gundert, in his white paper, “Aim Small, Miss Small: Producing a World-Class Threat Intelligence Capability.”

Putting the Pieces in Place

A mature threat intelligence program includes at least one full-time, talented, and experienced data architect, says Gundert.

The data architect designs the systems and builds the automated workflow that let the team quickly store, process, and correlate internal and external data, which is what makes identifying threats possible. This person also leads the work with external vendors that supply threat data and builds the internal tools that automatically extract operational data from each vendor's delivery method, whatever form it takes.

Gundert illustrates, “one data source may arrive via email and contain a CSV file or PDF file, and another data source may arrive via an API. Regardless of delivery and form type, operational data should be ingested and processed programmatically.”

Automating the collection, sorting, and correlation of operational data is only one part of a data architect's threat intelligence responsibilities. Once the data has been processed, whether it came from an external vendor or an internal system, the architect must continuously tune the controls that help prevent future incidents, guided by strategic analysis of the threat data.
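The ingestion pipeline described above, as an added example that is not code from the post or from Recorded Future: it takes the two delivery forms Gundert names (a CSV file as it might arrive by email, and a JSON payload as an API might return it, both constructed here as samples), normalises them into one indicator schema, deduplicates across feeds, and then runs the derivative internal search over a few constructed log lines. The field names, type vocabularies, confidence scale, and log format are all assumptions made for the illustration.

```python
# Added example (not code from the post or from Recorded Future). Feed formats,
# field names, confidence scale and log lines are assumptions constructed here.
import csv, io, ipaddress, itertools, json, re
from dataclasses import dataclass
# Constructed: CSV as an e-mail attachment, with the stray whitespace and casing such files bring.
CSV_FEED = """indicator,type,confidence,first_seen
198.51.100.23,ip,high,2015-11-01
evil-updates.example,domain,medium,2015-11-03
 203.0.113.9 ,IP,low,2015-11-05
"""
# Constructed: JSON as a vendor API might return it; other field names, other type words, numeric score.
API_FEED = json.dumps({"results": [
    {"value": "203.0.113.9", "kind": "ipv4", "score": 85},
    {"value": "Bad.Example.", "kind": "fqdn", "score": 40},
    {"value": "not an indicator", "kind": "fqdn", "score": 10},
]})
# Constructed: internal proxy/firewall log lines to search with the merged feed data.
INTERNAL_LOGS = [
    "2015-11-20T10:01:02Z proxy host=ws-114 dst=evil-updates.example:443 action=allow",
    "2015-11-20T10:05:40Z fw src=10.0.4.17 dst=203.0.113.9 dport=4444 action=allow",
    "2015-11-20T10:07:11Z proxy host=ws-009 dst=cdn.legit.example:443 action=allow",
    "2015-11-20T11:30:00Z fw src=10.0.4.18 dst=198.51.100.23 dport=80 action=deny",
]

TYPE_MAP = {"ip": "ip", "ipv4": "ip", "domain": "domain", "fqdn": "domain"}
CSV_CONFIDENCE = {"low": 30, "medium": 60, "high": 90}   # assumed mapping onto 0-100
DOMAIN_RE = re.compile(r"[a-z0-9-]+(\.[a-z0-9-]+)+")
LOG_TOKEN = re.compile(r"(?:src|dst)=([^\s:]+)")

@dataclass(frozen=True)
class Indicator:
    value: str        # canonical: lower-case, trimmed, no trailing dot
    itype: str        # "ip" or "domain"
    confidence: int   # 0-100 on one assumed scale shared by all feeds
    source: str       # which feed asserted it

def canonical(raw, itype):
    """Normalise an indicator value; raise ValueError if it is not well-formed."""
    value = raw.strip().lower().rstrip(".")
    if itype == "ip":
        ipaddress.ip_address(value)            # ValueError unless a valid address
    elif not DOMAIN_RE.fullmatch(value):
        raise ValueError(f"not a hostname: {raw!r}")
    return value

def parse_csv_feed(text, source="vendor-email"):
    """CSV delivery form -> list of Indicator. Malformed rows are skipped, not stored."""
    out = []
    for row in csv.DictReader(io.StringIO(text)):
        try:
            itype = TYPE_MAP[row["type"].strip().lower()]
            conf = CSV_CONFIDENCE[row["confidence"].strip().lower()]
            out.append(Indicator(canonical(row["indicator"], itype), itype, conf, source))
        except (KeyError, ValueError):
            continue
    return out

def parse_api_feed(body, source="vendor-api"):
    """API delivery form -> the same Indicator schema."""
    out = []
    for item in json.loads(body).get("results", []):
        try:
            itype = TYPE_MAP[item["kind"].strip().lower()]
            conf = max(0, min(100, int(item["score"])))
            out.append(Indicator(canonical(item["value"], itype), itype, conf, source))
        except (KeyError, ValueError):
            continue
    return out

def merge(*feeds):
    """Deduplicate across feeds, keeping the most confident assertion per indicator."""
    merged = {}
    for ind in itertools.chain.from_iterable(feeds):
        key = (ind.itype, ind.value)
        if key not in merged or ind.confidence > merged[key].confidence:
            merged[key] = ind
    return merged

def search_logs(lines, merged, min_confidence=50):
    """Derivative internal search: look up each src/dst value of a log line in the store."""
    hits = []
    for line in lines:
        for token in LOG_TOKEN.findall(line):
            token = token.lower().rstrip(".")
            try:
                ipaddress.ip_address(token)
                key = ("ip", token)
            except ValueError:
                key = ("domain", token)
            ind = merged.get(key)
            if ind is not None and ind.confidence >= min_confidence:
                hits.append((line, ind))
    return hits

if __name__ == "__main__":
    store = merge(parse_csv_feed(CSV_FEED), parse_api_feed(API_FEED))
    for line, ind in search_logs(INTERNAL_LOGS, store):
        print(f"{ind.itype} {ind.value} conf={ind.confidence} via {ind.source}: {line}")
```

Most of the work is in the normalisation layer, not the parsing: trailing dots, surrounding whitespace, mixed case, and each vendor's own type vocabulary all have to be collapsed to one canonical form, or the same host shows up as three different indicators and the internal search misses it. Rows that fail validation are dropped rather than stored so that a vendor's formatting error cannot poison the store, and keeping only the most confident assertion per indicator is one reasonable merge policy; retaining every source that asserted it is another, and is worth doing when the sources themselves are part of the analysis.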

Building Your Support Structure

Managing operational threat data is a demanding job that requires a high level of skill, patience, and constant refinement. There are many aspects to consider when defining the data architect's role within a threat intelligence capability. Hear Gundert explain which elements belong in the operational process (the process that feeds the strategic analysis of the data), or download his new white paper to learn how to improve your handling of operational data.

Want to learn more about Recorded Future’s threat intelligence solution?

Contact us today and we’ll show you how our threat intelligence can improve your data collection, sorting, correlation, and contextualization so that you can focus on finding emerging threats and indicators of compromise affecting your business.
