
Threat Intelligence Fits All: Learning to Build the Right Threat Intelligence Team for Your Enterprise

November 16, 2015 • Caroline Flannery

Threat intelligence is the act of formulating an analysis based on the identification, collection, and enrichment of relevant information. To make a threat intelligence program work successfully, an enterprise must determine the right fit – that is, it must create an environment in which the right resources, right team members, and right goals are all in alignment.

The Enterprise Fit

Every organization’s enterprise fit is unique, but one thing is true of all organizations: applying threat intelligence to an existing business requires coalition building. Not all enterprises have a standalone threat intelligence team; many organizations embed this functionality within the incident response program, and some organizations have an even broader composition within the general security or security operations center (SOC) functions.

“Organizationally, (in the enterprise) a threat intelligence capability may be comprised of a subsection within incident response, or it may be its own team. The threat intelligence program should provide deliverables to adjacent security groups and to the business itself, where possible,” writes Gundert in his white paper, “Aim Small, Miss Small: Producing a World-Class Threat Intelligence Capability.”

Trying It on for Size

There is no one-size-fits-all in today’s security landscape, especially as it relates to threat intelligence. Whatever your organization’s current makeup, to develop a successful threat intelligence program, the threat team must work well together and with other business units to understand the core business, existing operational defense workflows and requirements, and strategic assets.

Getting everyone on the same page and working towards a unified goal is not always an easy task, however. Recorded Future’s Levi Gundert recently recorded a webinar explaining how to overcome the political inertia that often accompanies building a threat intelligence team.

Like a Glove

Gundert shares how to avoid conflicts of interest and workload duplication by focusing on intra-organization collaboration. “The interaction and workflow between operational defense teams should be pre-planned, and technical details around data sharing should facilitate easy integration for the teams responsible for making security verdicts,” Gundert writes. He also provides a roadmap for creating a continuous feedback loop between the threat intelligence team and other operational functions that will help your enterprise facilitate data sharing and communication.

To learn how to create the right enterprise fit for your organization, download the white paper and watch the accompanying webinar.

To learn more about how Recorded Future can benefit your threat intelligence capability, contact us to schedule a personalized demo, or come meet us in person at one of these upcoming events.
