Skip to main content

The First Two Steps – Operationalizing Enterprise Threat Intelligence, Really

May 04, 2016

Threat intelligence, about three years after it became the talk of RSA Conference, is still a hot topic for the enterprise. Rightfully so, as it’s a powerful tool when deployed with purpose and goals in mind. The trouble is that’s not typically the case. I’m not suggesting the old “no one is doing it right” – far from me to make that claim. What I’m claiming is that the experience of a significant number of my clients starts with looking at threat intelligence products. But that isn’t the right place to start; there is front-end work that needs to be done to get the most out of your investment.  Let me explain.

The analogy that feels right here is rust proofing on a new car. Every dealer used to sell it – but why? If you’re on the brink of making a significant investment in a threat intelligence “thing,” I want you to do two things first. It’s simple, and while it doesn’t seem like it’s particularly cool, it’s the two most important things you can do.

Threat Intel

First, go find your stakeholders. Who is going to care about your threat intelligence product? Who will consume the intelligence you will produce, and what will they do with it? Someone needs to be your champion, and find value in what you’re about to spend money on. It’s preferable that the someone is a business leader rather than an IT employee, but sometimes beggars can’t be choosers. Go identify those stakeholders. Go have an in-person conversation about what the whole threat intelligence thing is all about, and what value you see for them. You’ll find lots of me-too supporters, but as you dig in and start asking for money commitments, many of those will fall away. Find your core group of stakeholders, your champions. They’re the base you’ll build this thing on.

Next, get your stakeholders’ requirements. Requirements drive collection plans, analysis and distribution models, execution strategies and so much more. Keep in mind what your stakeholders want and what you’re able to deliver can often be miles apart. So, make sure you do careful analysis of requirements and set expectations grounded in reality, not hype. 

Seems easy, right? It’s not. I promise you this is not a trivial exercise. I do these in workshops fairly regularly, and what should be an hour or two exercise can easily take up half a day. That’s quite alright though these two things are the core and foundation on which you’re going to build an enterprise threat intelligence program. Business-aligned requirements that are realistic and pulled from the right stakeholders will make or break your threat intelligence program.

On that note, I thought I’d invite you all (if you happen to live in the Los Angeles area) to come out to a workshop I’m giving on the topic at The Eighth Annual Information Security Summit. I’m essentially cramming four days of hard-core program building into a half-day session that will give you the fundamental skills to start off right. Think of it as a self-help course in how to make yourself a healthy breakfast so you can have a great rest of your day. Except that we’re talking about potentially hundreds of thousands of dollars in budgetary spend, headcount and products and services spun up over the course of months and years. An effort for sure…and you’re going to want to set that effort off on the best possible footing.

Check out the threat intelligence workshop I’m leading and the talk I’m delivering and absolutely stop by and say hello. I’ve enjoyed being the guest of the Los Angeles ISSA chapter the last few years and always enjoy the warm reception, so this year I’m giving back to you members. If threat intelligence is on your enterprise security roadmap, or if you’re curious whether this is something you should even be thinking about, come out, register and let’s spend a few hours together. We’ll talk honestly, from a perspective that is backed by more than 800 hours and dozens of peer contributors across a wide array of market verticals, company sizes and maturities.

See you in the City of Angels in a few weeks!

Related Blogs

February 07, 2018

Intelligence Bulletin – When Cryptomining Attacks

Optiv has seen a continuation of attacks based off the usage of CryptoNight miner, in this case likely mining Monero cryptocurrency for the attackers....

See Details

March 08, 2018

Part 2: Frameworks in Context: The Business-Aligned Information Security Program and Control Frameworks

In part 1 of this series, we provided insights responding to the frequent question regarding control frameworks and their place in the security strate...

See Details

February 28, 2018

Part 1: Frameworks in Context: The Business-Aligned Information Security Program and Control Frameworks

During hundreds of strategy, risk and compliance engagements, Optiv’s consultants often have been asked very thoughtful and deep questions about contr...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.

Privacy Policy

Related Insights

April 30, 2009

Creating a Solid Information Security Program

A successful security program is not run like a dictatorship but rather like a partnership, one of the team, all fighting for a common cause. In order...

See Details

April 19, 2018

Cyber Threat Intelligence-as-a-Service

Learn how Optiv’s Cyber Threat Intelligence-as-a-Service solution provides you with an advanced "beyond the perimeter" capability as a part of your cy...

See Details

January 12, 2017

Information vs. Cyber Threat Intelligence

Cyber threat intelligence should always enable decision making and action, but what good is a cyber threat intelligence program if you take no action ...

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.


Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.