Actionability Doesn’t Mean I Have to do More Work!
“Actionability” is a term we hear more and more from industry sales and marketing, but it often doesn’t translate into reality for the various components of cyber threat intelligence programs and services. Does your cyber threat intelligence program drive decisions for organizational risk management and reduction of risk? If it doesn’t, read on: this post focuses on what matters most for attaining true actionability through cyber threat intelligence.
An Optiv client recently said, “Actionability cannot mean that I have to do more work.” Far too often, that is exactly what it means with emergent cyber threat intelligence solutions and services. If cyber threat intelligence is done properly as a recursive process over time, integrated into an enterprise risk management strategy and practices, actionability will hit the mark. Unfortunately, what happens more often reflects a lack of focus, with cyber threat intelligence programs drowning in a global swimming pool of threat information and agents in an increasingly connected global threat landscape.
To be successful in the area of actionability, you must approach the maturation of your cyber threat intelligence program from a strategic perspective. Do you know where your crown jewels are, how they are protected, and how they are at risk? Yes, I know, you’ve heard that before, but it’s worth saying again and again until the industry starts doing it! With an understanding of what you are protecting as the cornerstone of your enterprise risk management practice, the next step is to focus on how cyber threat intelligence will actionably make a difference. Be sure to involve experienced professionals who have done this type of work to align your cyber threat intelligence practice with business operations.
Let’s make the concept of strategic focus towards goals of a cyber threat intelligence program clear with the examples below:
A newly formed internal cyber threat intelligence team begins to search for global indicators of compromise (IOCs) as a way to bolster its depth and breadth of visibility into potential threats that the organization may face. The team spends many hours collecting, parsing and sorting through various data formats to feed its SIEM. In the end, it is really aggregating global IOCs that impacted the rest of the world which, in statistical reality, will likely not impact the organization from a threat deterrence perspective, but will impact the organization by straining a more than likely already overburdened staff. Strategically, this can be part of a mature solution on some level, but it will likely not yield highly actionable or valuable results as part of an emergent cyber threat intelligence program.
A company recognizes that when an attack takes place against its business, it needs additional IOCs related to that specific malware variant, as well as any other IOCs related to a possible campaign. This cyber threat intelligence team coordinates internally to gain visibility and metrics into emergent attacks as they happen, in real time, and then works quickly to generate or obtain IOCs related to those attacks as they occur. The team does this in both automated and human intelligence (HUMINT) fashions to maximize the timeliness of its input back into the SIEM, IT and incident response teams. IOCs generated from this strategic solution are timely, highly relevant and integrated.
Do you see the difference in the examples above? The more successful approach is aimed at integration and outcomes specific to the organization, defined by intelligence requirements. With a proper strategic approach and focus in place, an organization then faces the challenge of putting actionability into practice within a cyber threat intelligence program.
There is an inherent challenge to this that many managers may miss - the lack of a clear definition of what you’re aiming towards when it comes to cyber threat intelligence and actionability. If you take a newly formed cyber threat intelligence team and ask them all to define actionability (try this), you will gain an understanding of how diversely your team approaches the subject and of any gaps that may exist. As an industry we have yet to arrive at a tangible definition.
The following components of actionability must exist for success within a cyber threat intelligence program:
Reading the above components of success for actionability, an experienced cyber threat intelligence professional quickly realizes that these are all part of an effective cyber threat intelligence program itself. Making sure the pillars of success for your enterprise risk governance match up with your cyber threat intelligence strategy, and then with your cyber threat intelligence outcomes (actions), is the essential three-stranded rope that an effective manager aims for in order to succeed. The actionability of a cyber threat intelligence program clearly reflects how effectively the entire program integrates with and improves cyber risk management for an organization. The key to actionability is providing consumers with the ability to act on the intelligence information. And the key to providing that consumer decision advantage is to ensure that cyber threat intelligence strategy is aligned to consumer requirements.
December 12, 2017