
An Intelligence-Driven Security Program | Optiv

January 23, 2015

Threat intelligence is a term that causes some people to roll their eyes – mainly because they’ve been relentlessly bombarded with the typical hype and hyperbole. The fact is, a modern enterprise security program that does not draw from an intelligence-driven approach lacks focus and is effectively missing something crucial.

The Case for Intelligence

If you have spent any meaningful span of time in enterprise security, odds are that every security program you have worked with has had all the same elements over the last decade or so – perimeter security (a firewall, IPS, etc.), endpoint protection (antivirus on the workstations, servers), and maybe a log analysis engine (SIEM). While I have no doubt there are many well-defended, and truly defense-in-depth networks out there, a staggering percentage are still stalled in the basics.

Modern adversaries are resourceful, adaptive, and dynamic – almost the opposite of the networks they attack and infiltrate. It is no surprise, therefore, that we can’t turn on the news without hearing about another massive data breach impacting millions. Credit card data, healthcare records, intellectual property – all pilfered. Costs and losses are piling up in the billions. Whether the attackers are advanced and persistent or not, they seem to have no difficulty busting through the same old defenses. The old way is simply not working, and I’m not convinced it ever really worked anyway.

Security intelligence is not a magic wand and does not provide a quick fix for decades-old security issues, but the case for threat intelligence as part of your overall enterprise security program is clear. Threat intelligence promises to focus security’s capabilities, identify weak points, and increase the efficacy of prevention, detection and response mechanisms. These are no small claims and should not be taken lightly.

More than once I have heard a CISO say, “If only we knew where and how the attackers were going to strike, we could have prevented the breach!” This is usually followed by a sarcastic smile or shoulder shrug as if to say there are no such crystal balls. In fact, there aren’t, but there is definitely something better than what many security programs are working with today – a hope and a prayer. The fact is there is enough quality intelligence being generated out there through open- and closed-source intelligence providers that knowing who, where and how is not entirely out of the question.

Demystifying the Hype

Threat intelligence has lost much of its momentum due to the market confusion and divergence often blamed on various vendors’ marketing pitches. While it may be convenient to blame vendors, the trouble is that even if you ask two subject-matter experts what threat intelligence is, you will likely get at least two different answers. Is threat intelligence a data feed? Yes. Is it a set of tools? Yes. Is it a capability to effectively triage and case manage? Yes. The fact is that threat intelligence means something vastly different in the intelligence community and among experts than it does in the enterprise when approached as a program component.

A threat intelligence program is an enterprise capability to leverage data, tools, and processes together with human assets to approach security in a smarter way. This means focusing on actual threats, a focus that comes from data analysis, human interaction and a well-grounded understanding of things like high-value assets and business processes. It is in the clarity of understanding of our own organizations that external threats become relevant. Context is king.

A threat intelligence program has the capability to feed our defensive tools so that they adjust to adversaries and their dynamic techniques. For example, a threat intelligence program alerts us to the fact that years of medical research and development at America’s biotech companies are being targeted by nation-state actors trying to short-cut billions of dollars and years of effort in a race to enrich profits (and lives) in another corner of the globe. More important than simply alerting security organizations to these facts, threat intelligence also provides the collective know-how to defend more intelligently against these adversaries, leveraging potentially existing tools and processes – only smarter and more effectively.

A modern enterprise security program that does not leverage threat intelligence to aid decision-making and to drive focus is critically lacking the necessary tools to combat today’s dynamic adversaries. Simply put, security organizations still utilizing static defenses and best-guess security without having the insight into their enemies’ tactics stand virtually no chance. The importance of a meaningfully designed business-aligned and strategically implemented threat intelligence program as a part of the broader enterprise security strategy should not be understated.

For a deeper foundational understanding and background on threat intelligence, we encourage you to read our Threat Intelligence Solution Primer and look for additional material coming soon that will provide further clarity on the strategic, operational and maturity aspects of effective enterprise threat intelligence programs.
