Global Banking and Finance Review

    UNFRAGMENTING SECURITY WITH THREAT INTELLIGENCE

    Published by Gbaf News

    Posted on May 16, 2017

    Last updated: January 21, 2026

    By Anthony Perridge, Regional Director, ThreatQuotient

    It has often been said that complexity is the enemy of security. It is a simple statement but, nonetheless, one that holds true time and time again. The more complex your infrastructure, the more likely it is to have seams with exposed vulnerabilities. This is exactly what hackers are looking for: places where people and processes are not perfect and something is left unprotected.

    In my last article I talked about defence-in-depth: layering defences so that if one does not work, another layer is there to stop the attack. This has not always been the saviour we thought it would be. This stems from the fact that each layer of defence has been a point product: a disparate technology that has its own intelligence and works within its own silo, creating fragmentation. And, since this creates complexity, it stands to reason that to combat the enemy and improve security we need to reduce it. But how can you begin to unfragment something that is already out there in many pieces? To my mind the best way is to find the glue to put things together. This glue comes in the form of threat intelligence, integrating layers of point products within a defence-in-depth strategy to reduce that complexity.

    But this isn’t just a problem with defence-in-depth. You also see it in your external threat intelligence feeds and across the different teams involved in maintaining your security posture. Let’s take a closer look at the fragmentation that exists in these areas and how threat intelligence can help.

    A study by the American university Carnegie Mellon analysed the blacklist ecosystem over an 18-month period and found that the contents of blacklists generally do not overlap. In fact, of the 123 lists (which each included anywhere from under 1,000 to over 50 million indicators), most indicators appeared only on a single list. It’s no wonder there’s a huge data overload problem! The study goes on to say, “our results suggest that available blacklists present an incomplete and fragmented picture of the malicious infrastructure on the Internet, and practitioners should be aware of that insight.” But don’t just take their word for it; the 2015 Data Breach Investigations Report commissioned by Verizon came to a similar conclusion, noting that “there is a need for companies to be able to apply their threat intelligence to their environment in smarter ways.”

    In an attempt to get the best coverage as they build their threat operations, most organisations are typically forced to use multiple data feeds, some from commercial sources, some open source, some industry and some from their existing security vendors – each in a different format. Lacking the tools and insights to automatically sift through mountains of disparate global data and aggregate it for analysis and action, the data remains fragmented, often does not have context and just becomes more noise. The path to threat intelligence begins with aggregating that external data into a threat intelligence platform (TIP).

    Nevertheless, a TIP needs to go further than simple aggregation. It must also operationalise and apply that intelligence as the glue to reduce fragmentation. With global data in one manageable location, it needs to be translated into a uniform format, and augmented and enriched with internal and external threat and event data. Correlating events and associated indicators from inside your environment with external data on indicators, adversaries and their methods gives you the additional, critical context you need to understand what is relevant and high-priority to your organisation. Now you’re in a position to utilise that threat data, automatically exporting and distributing key intelligence across all the different layers of defence in depth to improve security posture and reduce the window of exposure and breach.
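
The aggregate, normalise and correlate steps described above can be sketched as follows. This is an added example, not code from the article or from any vendor's platform; the three feed formats, their field names, the sample indicators and events, and the scoring rule are all constructed for illustration.

```python
import csv, io, json
from collections import defaultdict

# Constructed sample feeds, one format each (documentation IP ranges, .example domains).
CSV_FEED = "indicator,type\n198.51.100.7,ip\nBad-Domain.example,domain\n"
JSON_FEED = '[{"ioc": "hxxp://bad-domain[.]example/login"}, {"ioc": "203.0.113.9"}]'
TEXT_FEED = "# plain list\n198.51.100.7\n192.0.2.55\n"

# Constructed internal events, e.g. rows from a proxy or firewall log.
EVENTS = [
    {"host": "ws-014", "dest": "198.51.100.7"},
    {"host": "ws-014", "dest": "bad-domain.example"},
    {"host": "ws-022", "dest": "Bad-Domain.example"},
    {"host": "srv-02", "dest": "192.0.2.200"},
]

def normalise(value):
    """Refang and reduce an indicator to a bare lower-case hostname or IPv4 address."""
    v = value.strip().lower().replace("[.]", ".").replace("hxxp", "http")
    if "://" in v:
        v = v.split("://", 1)[1]
    return v.split("/", 1)[0].split(":", 1)[0]  # drop path and port (no IPv6 here)

def parse_feeds():
    """Yield (source, indicator) pairs in one uniform shape."""
    for row in csv.DictReader(io.StringIO(CSV_FEED)):
        yield "csv_feed", normalise(row["indicator"])
    for item in json.loads(JSON_FEED):
        yield "json_feed", normalise(item["ioc"])
    for line in TEXT_FEED.splitlines():
        if line.strip() and not line.startswith("#"):
            yield "text_feed", normalise(line)

def aggregate():
    """Merge all feeds into {indicator: set of sources that list it}."""
    merged = defaultdict(set)
    for source, indicator in parse_feeds():
        merged[indicator].add(source)
    return dict(merged)

def single_list_share(merged):
    """Fraction of indicators that appear on only one feed."""
    return sum(1 for s in merged.values() if len(s) == 1) / len(merged)

def prioritise(merged, events):
    """Rank indicators seen internally; score = distinct hosts + corroborating feeds."""
    sightings = defaultdict(set)
    for e in events:
        key = normalise(e["dest"])
        if key in merged:
            sightings[key].add(e["host"])
    ranked = [{"indicator": i, "hosts": sorted(h), "feeds": sorted(merged[i]),
               "score": len(h) + len(merged[i])} for i, h in sightings.items()]
    return sorted(ranked, key=lambda r: (-r["score"], r["indicator"]))

if __name__ == "__main__":
    merged = aggregate()
    print(f"{single_list_share(merged):.0%} single-feed;", prioritise(merged, EVENTS))
```

Indicators that no internal event touches stay in the merged set but drop out of the ranked output, which is the relevance filter the paragraph describes.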

    So how can you deal with the fragmentation across teams? Well, the key here is to find a way to use that threat intelligence for better decisions and action, and this can often be a challenge in siloed organisational structures. You might have a SOC (security operations centre), a network team, an incident response (IR) team and a malware team. More often than not, they don’t even work together, let alone share information or intelligence. Forced direct communication is rarely effective, so how do you get those teams to work together in a way that makes sense? By offering a single repository for all threat intelligence that is contextual and prioritised, you can foster much-needed collaboration without them necessarily even knowing it. With the ability to add commentary and store data for longer periods of time, the repository can become a core component of their processes. As the different teams use and update this repository, there is instantaneous sharing of information across other teams, resulting in faster, more informed decisions.

    Taking this a step further, by integrating that repository into other existing systems – including, but not limited to, SIEM, log repositories, ticketing systems, incident response platforms, orchestration and automation tools – you will allow disparate teams to use the tools and interfaces they already know and trust and still benefit from and act on that intelligence. For example, the IR team uses forensics and case management tools, the malware team uses sandboxes, the SOC uses the SIEM and the network team uses network monitoring tools and firewalls, and this is just the beginning. By getting consistent intelligence directly from the repository that they have been working in and updating collectively, everyone operates from a single source of truth, reducing fragmentation and complexity so they can accelerate detection and response.

    I am in no doubt that complexity is the enemy of security, but this doesn’t have to mean that you are entirely helpless. Enriching threat data from all your external and internal sources with context, relevance and prioritisation allows threat intelligence to become the vital glue that reduces the overall fragmentation across your security environment. By reducing this complexity you can ensure that your teams can work together with their existing tools to keep your organisation safer.
