Cyber Threat Intelligence – Who Needs It?
Are You Taking Cyber Threat Intelligence Seriously?
Your Security Operations Center is up and running.
You have your monitoring team set up,
your incident response team are champing at the bits,
and you have a designated threat intelligence operative.
But are you prioritizing correctly?
While most companies are getting better at acting on intelligence,
they are still lagging in terms of turning data into intelligence.
The SOC collects vast amounts of data that not even the most diligent intelligence researcher can cover.
Regardless if you have a good system set up the task is overwhelming,
and you will at best have a rough triage.
There are several products on the market that will help you perform this triage,
but the tool is only as good as the hand that wields it.
The question is how much you have prioritized Threat Intelligence
in your overall security strategy.
In most companies the threat intelligence team make up about 5% of the SOC,
but given the vast amount of data that needs to be sifted through this is rarely enough.
The role of Threat Intelligence
Is to create evidence based reports pertinent for your situation on the threat climate in which you operate.
Without this knowledge it is impossible for you to make strategic prioritizations
or tactical decisions to ensure your Cyber Security.
For the Threat Intelligence team to be effective
they need to not only know about the ecosystem of threats,
but they need to be aware in detail of the operating procedures of malevolent actors,
their motivations and intents as well as their capabilities.
From the moment your SOC becomes active
they will be flooded with data, both internally collected and externally provided.
While external threat reports might give you indications of what to look for,
there is still a significant amount of noise that needs to be filtered through
in order to find out what is relevant for you.
On top of that you have the countless internal system logs
that need to be combed through to provide actionable data.
The only way for this to happen is for you to take Threat Intelligence seriously
and make it a prioritized team within your SOC.
You can have the best response team in the world,
but if your intelligence is off, they won’t know what to look for.