This vendor-written tech primer has been edited to eliminate product promotion, but readers should note it will likely favor the submitter's approach.
As cyber security threats have become increasingly sophisticated and pervasive, it's become impossible to identify and defend against every probable attack with traditional security budgets. That's where threat intelligence comes in. Effective use of threat intelligence is a way for businesses to pool their resources and overcome internal technical or resource limitations. Theoretically, it allows companies to "crowd source" security and stay one step ahead of malicious entities.
But that only holds true if it can be consumed as actionable intelligence. Unfortunately for many organizations, disjointed security solutions and departmental silos have made threat intelligence hard to implement across the organization and, consequently, ineffective. Without the means to make threat intelligence actionable, it's just data. Data won't save your company from a targeted attack when human analysts are unable to quickly make use of it throughout decision support tools across the organization.
The challenges are two-fold: technical silos and a lack of cooperation "across the aisle," driven by the fact that actionable intelligence can mean different things to different stakeholders. For instance, cyber analysts, operations managers, incident responders, lawyers, auditors and business risk managers all have slightly different contextual lenses. They don't have a lingua franca for risk, nor do they measure risk in the same way. However, today it's more important than ever that organizations find ways to work across silos, break down barriers to success and align stakeholders to better utilize threat intelligence.
There are five common reasons threat intelligence fails today:
While these are all very real challenges, there are some steps you can take right now to begin breaking down silos and enable threat intelligence to flow more freely throughout your organization:
* Identify Integration Opportunities: Depending on an organization's maturity level and existing technology investment, the first step may be to identify opportunities for tighter technology integration and the automation of threat intelligence feeds. Automating information sharing across stakeholders ensures an organization's governance rules are followed and removes delays introduced by human operators and processes.
* Find Your Stakeholders: Take an internal census and identify the stakeholders who might have knowledge, data and expertise to facilitate threat intelligence sharing. In addition, identify who might need to consume that information quickly in order to secure critical assets. Without a full accounting of your internal stakeholders, assets and capabilities, it will be hard to get an effective plan in place.
* Uncover Efficiencies: Often the internal census above will reveal duplicate needs for threat intelligence feeds across the organization, allowing for mutually beneficial opportunities for streamlining intelligence sharing. This can be the basis for a larger transformational business case, such as being able to reduce human resource requirements in multiple areas at once, which will be readily accepted regardless of the metrics used to measure success.