top of page
  • Komodo Research


Updated: Oct 23, 2023

training module

Are You Taking Cyber Threat Intelligence Seriously?

Your Security Operations Center is up and running.

You have your monitoring team set up,

your incident response team are champing at the bits,

and you have a designated threat intelligence operative.

But are you prioritizing correctly?

While most companies are getting better at acting on intelligence,

they are still lagging in terms of turning data into intelligence.

The SOC collects vast amounts of data that not even the most diligent intelligence researcher can cover.

Regardless if you have a good system set up the task is overwhelming,

and you will at best have a rough triage.

There are several products on the market that will help you perform this triage,

but the tool is only as good as the hand that wields it.

The question is how much you have prioritized Threat Intelligence

in your overall security strategy.

In most companies the threat intelligence team make up about 5% of the SOC,

but given the vast amount of data that needs to be sifted through this is rarely enough.

The role of Threat Intelligence

Is to create evidence based reports pertinent for your situation on the threat climate in which you operate.

Without this knowledge it is impossible for you to make strategic prioritizations

or tactical decisions to ensure your Cyber Security.

For the Threat Intelligence team to be effective

they need to not only know about the ecosystem of threats,

but they need to be aware in detail of the operating procedures of malevolent actors,

their motivations and intents as well as their capabilities.

From the moment your SOC becomes active

they will be flooded with data, both internally collected and externally provided.

While external threat reports might give you indications of what to look for,

there is still a significant amount of noise that needs to be filtered through

in order to find out what is relevant for you.

On top of that you have the countless internal system logs

that need to be combed through to provide actionable data.

The only way for this to happen is for you to take Threat Intelligence seriously

and make it a prioritized team within your SOC.

You can have the best response team in the world,

but if your intelligence is off, they won’t know what to look for.

82 views0 comments


bottom of page