What Is Threat Intelligence, Anyway?

April 28, 2016


This article was authored by Idenhaus' Director of Cybersecurity, Derek Christensen.

Threat Intelligence is experiencing its 15 minutes of fame as this year's cybersecurity buzzword. It was a session topic at last month's RSA Conference - From an Unknown Discipline to Cyber-Buzzword - and is considered a "must have" for all security analysts. Practically everyone is going on about the need for threat intelligence and the various appliances and companies that can provide "the best" threat intelligence.

So what does all of that mean and how does it apply to your business?

Making Sense of the Noise

Most vendors don't do a good job of defining what they mean by threat intelligence. If the average decision maker or information technology professional were to walk through a cybersecurity trade show floor, they would be inundated with the amount of threat intelligence offerings by a diverse range of companies, providing a plethora of services. These services include:

  • Analyzing multiple threat feeds to identify possible attacks
  • Information about possible threats by expert analysts
  • Indicators of malicious activity

With daily news reports of breaches, intrusions, and billions spent on liability, when a decision maker sees this wonderful piece of technology which promises to identify intrusions and malicious actors penetrating the network, he just has to have it. How could any decision maker not think, "I need this and I need it now!" 

What is left out at the trade show is a discussion of the proper way to implement the tools and make the best use of the threat intelligence appliance. It's easy to believe the hype and drop thousands of dollars on a nice piece of hardware. It's much harder to make that hardware work for you. In the end, there are no silver bullets.  

Applying Threat Intelligence

In all fairness, most threat intelligence companies will tell you that a threat intelligence appliance does not give you threat intelligence. The ability to take the data provided and apply it to your specific network environment is what provides actual threat intelligence. What does that mean?

Threat Intelligence is a long-term commitment and will not (normally) provide immediate return on investment.

There's only one way to do threat intelligence right: companies must invest in people, process, and technology to obtain an institutional knowledge of its network and its behavior as part of the larger Internet.

I've previously discussed how people, process, and technology work together to provide a cohesive cybersecurity environment. Threat Intelligence is a perfect example of how all 3 of those sides of the triangle fit together.

  1. People: A good foundational group of analysts are required to interpret the data from your internal networks and apply the threat intelligence information from your provider.
  2. Process: Processes need to be in place to ensure the data is being analyzed regularly and how to handle the information once analyzed.
  3. Technology: The technology must be able to meet the needs of the business.

What Does It Mean for Your Business?

That is the million dollar question. Larger companies have the finances and corporate structure to build an internal threat intelligence organization for their networks. The demand has been so great that some large corporations have an unlimited budget for cybersecurity needs - an unheard of move for bottom-line driven enterprises.

Regardless of size, every business can have its own threat intelligence, it just depends on the resources available. The only catch is dedicated cybersecurity professionals are a requirement. With dedicated cybersecurity professionals, any company can build a comprehensive understanding of its network.

Threat Intelligence, under the guise of the industry buzzword, offers a wealth of information from outside sources, which may or may not apply to your networks. By paying attention to industry chatter and having a good institutional knowledge of how the network functions and its unique characteristics, your company can reap the benefits of actionable threat intelligence.

If you enjoyed this post, please like and share with your network. Signup for our biweekly insights and follow @Idenhaus on Twitter for more articles on threat intelligence. 

Photo Credit: Flickr

More News