Many cybersecurity organizations are of the opinion that threat intelligence can prevent, or if not prevent entirely at least lessen, the impact of successful breaches.
While this is likely true, I don’t think every organization automagically benefits from threat intelligence. In fact, having threat intelligence fed into an immature organization won’t likely do much good. Bad decisions can be made on bad information, and even good information can cause trouble when it can’t be properly acted upon. To be able to effectively act on threat intelligence, enterprises need a number of capabilities in place. Here are three:
A good response capability. Imagine information comes in that attackers are targeting your industry, and they are doing so by exploiting certain vulnerabilities in a commonly used application in the industry – but there’s no established way for the organization to respond. Who is responsible for hardening the application? The security team? Operations? If it’s a small organization, is it the developers? A little bit of everyone? Who makes sure the changes that need to be made are actually made? There’s no sense in investing in threat intelligence if there’s no way to respond intelligently.
Possess a healthy postmortem culture. Not only do organizations need to be able to respond to new threat intelligence, they also need the processes – and the culture – to analyze how well they responded to the new information. This means looking at what worked and what didn’t, through a process designed to be empathetic, so that those who didn’t respond as well as possible are helped to improve. It’s also important to regularly evaluate whether the program remains aligned with business objectives.
Obtain an accurate handle on assets. The nature of the IT environment and the business value of applications and data need to be completely understood if an organization is going to respond adequately to new threat intelligence. After all, if an organization is not aware of the nature of its enterprise IT infrastructure, its applications, and where its data resides, it is pretty inconceivable that it would be able to understand threat intelligence data and how it changes security posture.
These three capabilities, which enterprises must have in place before they adopt threat intelligence, aren’t hard, and they are most certainly implementable. Unfortunately, however, too many enterprises that attempt to implement threat intelligence just forge ahead without laying a proper foundation.
Despite this, Grand View Research predicts considerable investment in threat intelligence in the years ahead:
It’s good to see that enterprises want to make more intelligent decisions when it comes to their security defenses and investments. And if they don’t have good intelligence, it’s tough to imagine that they’d be making great security decisions. Likewise, if the right foundation isn’t in place, it’s just as difficult to see anyone reaping the benefits of their threat intelligence efforts. If they want to start fully benefiting from their threat intelligence, they need to make sure that foundation is in place.
George V. Hulme is an internationally recognized information security and business technology writer. For more than 20 years Hulme has written about business, technology, and IT security topics. From March 2000 through March 2005, as senior editor at InformationWeek magazine, he covered the IT security and homeland security beats. His work has appeared in CSOOnline, ComputerWorld, Network Computing, Government Computer News, Network World, San Francisco Examiner, TechWeb, VARBusiness, and dozens of other technology publications.