
The Great Threat Intelligence Debate


Dan Holden, Director-Security Research, Arbor Networks
Input “threat intelligence” into Google News and over 1.3 million results pop up. It has become the latest buzzword in the Internet security industry. But, beyond the obvious reasons, why is the industry so eager to embrace threat intelligence and threat sharing at the moment?
Before I address the ‘why’ question, I should take a step back to address the ‘what’ question: what is good cyber threat intelligence, anyway?
Advanced technologies may be able to detect the vast number, size and scope of cyber threats out there, issuing alerts when a system is compromised, but without context or relevant information about the attack, security analysts may inadvertently dismiss serious attacks as unimportant noise. Actionable, defensible security intelligence is required to quickly identify threats that are targeting, and have already compromised, your environment.
The right security intelligence fuels the creation of mechanisms to recognize and block network-based attacks, at least some of the time. Effective security intelligence, however, not only identifies attacks, methods, and other indicators, but also understands and catalogs the attack infrastructure behind them, so that broader, more proactive measures can be taken with confidence.
The main goal of threat intelligence and threat sharing is to supply the much-needed broader context for the events happening on your network, your ‘piece’ of the Internet, and for how it interacts with the rest of the Internet. It can also make up for the lack of such context in the simple events logged by legacy technologies (firewalls, IDS, anti-virus). The aim is to get at the why, where, and how of a security event, rather than merely knowing that the event or the indicator of compromise exists.
The problem with threat intelligence is that it has become a bit of a big data headache. For effective threat intelligence, you need a giant store of the known ‘bad’, something that changes a million times a day, and the majority of that known bad you might never interact with at all; it may never apply to your particular slice of the Internet. The cost and inefficiency of storing that amount of data is not very appealing to most, despite the upside of having at hand what could be some really great insight into the threats your network is, or could be, exposed to. This is why many vendors are partnering up to create shared threat intelligence groups: the big data burden is taken off one party and spread among many, in a trusted, smaller-scale, but still effective, environment.
Given the influx of threats coming at you from every possible angle, entry point and vector, what is really needed to stay ahead of attackers? Context. That context helps you gauge risk, prioritize your security responders’ time, and move on to the next threat (among many) at hand. In other words, don’t pursue threat intelligence merely for its own sake, or because it is the latest hot buzzword in the industry. Threat intelligence data not only needs to be actionable and proven; it also needs to be easily accessible if incident responders are to be efficient and effective.
The goal of threat intelligence should not be corroborating bad data with more questionable data (threat intelligence is not always proven); it should be about seeking out the best data that fits the risk profile of your particular organization and industry. At the end of the day, threat intelligence is about tracking the threat actors, and naturally everyone will have a different slant or specialty on this. Ultimately, threat intelligence should make a marked improvement over existing staff and processes. If you have a giant library and no time to read anything in it, then all you have is a bunch of books. No action, no intelligence.
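One way to see the “context versus bare indicator” point in code. The example below is added here and is not from the original article or from Arbor Networks; it matches constructed firewall log lines against a small constructed indicator store, attaches actor and campaign context to each hit, and ranks hits by whether the actor is known to target the organization’s sector, whether the traffic was allowed through (a possible compromise rather than a blocked attempt), and how stale the indicator is. It also reports how small a fraction of the store ever matched, which is the big data point made above. All addresses (drawn from the reserved TEST-NET ranges), actor names, confidence values and scoring weights are assumptions for illustration, not real indicators.

```python
"""Enriching legacy firewall events with threat-intelligence context.

Added example, not from the original article or Arbor Networks. Every
indicator, actor name and log line below is constructed for illustration.
"""
import re
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Indicator:
    value: str             # IP address (constructed, TEST-NET ranges)
    actor: str             # tracked threat actor (constructed name)
    campaign: str          # campaign the indicator belongs to
    confidence: int        # 0-100: how well the feed has proven this indicator
    target_sectors: tuple  # sectors the actor has been seen targeting, or ("any",)
    last_seen: date        # when the feed last observed the indicator in use


# Constructed "known bad" store. A real one is far larger and churns daily.
INDICATORS = {
    "198.51.100.23": Indicator("198.51.100.23", "ACTOR-A", "Invoice-Lure", 70, ("finance", "retail"), date(2015, 3, 2)),
    "203.0.113.77": Indicator("203.0.113.77", "ACTOR-B", "Mass-Scan", 40, ("any",), date(2014, 1, 5)),
    "192.0.2.199": Indicator("192.0.2.199", "ACTOR-C", "Fake-Updater", 75, ("energy",), date(2015, 2, 20)),
    "192.0.2.8": Indicator("192.0.2.8", "ACTOR-D", "Old-Botnet", 60, ("any",), date(2013, 6, 1)),
}
# Bulk feed entries that this network never talks to (the usual case).
for _n in range(100, 106):
    _ip = f"192.0.2.{_n}"
    INDICATORS[_ip] = Indicator(_ip, "ACTOR-E", "Bulk-Feed", 50, ("any",), date(2015, 1, 10))

# Constructed firewall log; only a few lines touch anything in the store.
FIREWALL_LOG = """\
2015-03-05T10:21:07Z fw01 DENY src=10.0.0.14 dst=198.51.100.23 dport=443
2015-03-05T10:21:09Z fw01 ALLOW src=10.0.0.22 dst=192.0.2.50 dport=443
2015-03-05T10:22:41Z fw01 ALLOW src=10.0.0.31 dst=198.51.100.23 dport=443
2015-03-05T10:23:02Z fw01 DENY src=203.0.113.77 dst=10.0.0.5 dport=22
2015-03-05T10:25:15Z fw01 ALLOW src=10.0.0.9 dst=192.0.2.8 dport=6667
"""

ORG_SECTOR = "finance"        # assumed risk profile of the organization
TODAY = date(2015, 3, 5)      # fixed "now" so staleness is reproducible

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>ALLOW|DENY) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)


def parse_events(log_text):
    """Turn raw firewall lines into dicts; unparseable lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["dport"] = int(ev["dport"])
            events.append(ev)
    return events


def score(ind, ev, org_sector, today):
    """Priority 0-100: feed confidence adjusted by the context we care about."""
    s = ind.confidence
    if org_sector in ind.target_sectors or "any" in ind.target_sectors:
        s += 20   # actor is known to target organizations like ours
    if ev["action"] == "ALLOW":
        s += 30   # traffic got through: possible compromise, not just an attempt
    if (today - ind.last_seen).days > 365:
        s -= 30   # stale indicator: likely reassigned infrastructure
    return max(0, min(100, s))


def enrich(events, indicators, org_sector, today):
    """Attach actor/campaign context to matching events, highest priority first."""
    hits = []
    for ev in events:
        for side in ("src", "dst"):
            ind = indicators.get(ev[side])
            if ind:
                hits.append({**ev, "matched": ev[side], "actor": ind.actor,
                             "campaign": ind.campaign,
                             "priority": score(ind, ev, org_sector, today)})
    hits.sort(key=lambda h: h["priority"], reverse=True)
    return hits


def indicator_coverage(events, indicators):
    """Fraction of the store that this network's traffic ever touched."""
    seen = {ev[side] for ev in events for side in ("src", "dst")}
    return len(seen & set(indicators)) / len(indicators)


def triage(log_text=FIREWALL_LOG, indicators=INDICATORS,
           org_sector=ORG_SECTOR, today=TODAY):
    """Full pipeline: parse, match, contextualize, rank."""
    return enrich(parse_events(log_text), indicators, org_sector, today)


if __name__ == "__main__":
    for h in triage():
        print(f"{h['priority']:3d} {h['ts']} {h['action']:5s} {h['src']} -> {h['dst']} "
              f"[{h['actor']}/{h['campaign']}]")
    print(f"store coverage: {indicator_coverage(parse_events(FIREWALL_LOG), INDICATORS):.0%}")
```

Run as written, the allowed connection to ACTOR-A’s infrastructure ranks first (confidence plus sector match plus allowed traffic), the blocked attempt to the same address second, the old-botnet IRC connection third, and the stale mass-scanner hit last; only 3 of the 10 stored indicators were ever seen, which is the kind of figure that drives organizations toward shared stores rather than hoarding the whole feed themselves.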
