Threat intelligence – myth vs. reality

Chris Pace, Technology Advocate at Recorded Future

Threat intelligence is one of the most important resources for defending against increasingly advanced cyber-attacks, but there are still several myths and misconceptions about how intelligence can be accessed and used. Many organisations still believe threat intelligence is something of a dark art, restricted to elite security pros retained only by the likes of the world’s leading banks, and too complex and costly for ordinary businesses.

We have heard many different misconceptions over the years, and most can be easily rebuffed.

Three of the most common assumptions are:

 “IT’S ONLY FOR ELITE ANALYSTS”

While access to good intelligence might once have been restricted to the elites, today a fast-growing market means it is easily accessible by security professionals with any amount of experience and in any role. The market focus is to provide contextualised information that will enable security teams to respond quickly and proactively as threats emerge.

 “IT’S JUST A BUNCH OF PDF REPORTS OR STREAMS OF DATA”

Threat intelligence is essentially a tool, and like any other tool the quality can vary. Some poor intel is indeed simply presented as a disorganised stream of data, but genuine threat intelligence is provided in real time, stripped of false positives, and presented in a format designed to drive effective decision making.

“IT CAUSES MORE PROBLEMS THAN IT SOLVES”

One of the key factors in making threat intelligence work is how it is implemented by the organisation. Intel that is poorly applied can end up being counterproductive by burying analysts under a mountain of false positives. Conversely, well-implemented threat intelligence will integrate with existing security technologies to provide analysts with crucial insights when and where they need them.

Operationalising threat intelligence

As a result of crucial misunderstandings like these, many security professionals believe that threat intelligence has nothing to offer their organisation. Even among companies that are open to exploring the use of threat intelligence, proper implementation is often a struggle. Without thorough and systematic implementation, threat intelligence is difficult to use efficiently, and the true value will be missed.

When applied correctly, threat intelligence has a huge amount to offer security leaders and personnel, from informing investment decisions, to processing alerts more quickly, to reducing the threat window caused by the latest vulnerabilities.

The three edicts of threat intelligence

Finding a threat intelligence provider that will match the organisation’s specific structure and needs can be a complicated affair, and there is a huge array of choices, formats and vendors to choose from.

1. Threat intelligence is for everyone.

Threat intelligence has applications across all aspects of security. Even small organisations struggling with limited security budgets can access and utilise threat intelligence, enabling them to make better risk-based investment decisions and empower security personnel to maximise the value of their tools and processes.

Meanwhile, organisations that already have larger and more well-established security capabilities can use threat intelligence to respond to the latest incidents and attack tactics as quickly as possible. Alongside protecting the company from attack, well-implemented threat intelligence can save a great deal of legwork for security practitioners, freeing them up for higher-value tasks and allowing junior personnel to upskill more quickly.

2. Poor-quality threat intelligence can hinder more than it helps.

The simplest function of threat intelligence is to enable informed decision making. If the intelligence received by a company is incomplete and contains a high number of false positives and inaccuracies, security decision makers will end up making bad choices.

In terms of daily security activity, vulnerability management teams could miss vital weaknesses that leave the company exposed to attack, while SOC and incident response analysts could end up missing genuine threats while wasting a great deal of time and resources chasing false leads. At a strategic level, security leaders may also make poor investment decisions that do little to improve the company’s security posture.

With this in mind, organisations need to ensure that the threat intelligence capability they implement will genuinely empower their security leaders and personnel.

3. Look for powerful threat intelligence characteristics.

With poor quality intelligence having the potential to drastically reduce a company’s security capabilities, it is essential that decision makers know what they should be looking for in a solution. The following four traits are essential components of genuine threat intelligence:

  • Comprehensive – It must combine intelligence from a broad range of sources such as the dark web and threat actor forums.
  • Relevant – A worthwhile threat intelligence capability must deliver only intelligence which is relevant to the individual user, cutting out irrelevant data and false positives that will waste valuable time and resources.
  • Contextualised – The best threat intelligence solutions combine huge quantities of data, information, and intelligence to construct high-quality, actionable insights that are put into context against the wider threat landscape.
  • Integrated – Threat intelligence should be easily accessible across all the different functions it connects to, such as vulnerability management scanners, SIEM and EDR technology.

By having these factors firmly in mind when investigating and assessing the many threat intelligence options available, companies can cast aside the myths and find the ideal solution for their operations. Armed with genuine threat intelligence, security personnel across all functions and experience levels will be able to work faster and more effectively.