Quality Over Quantity: The Value of Threat Intelligence
Cyber threat intelligence — properly gathered, refined, and applied — can help organizations recognize cyber risks and implement protections that specifically address the most serious risks to the integrity and functioning of their organization.
In this post, we’ll look at what threat intelligence is and why organizations would benefit from threat intelligence.
WHAT IS CYBER THREAT INTELLIGENCE?
The National Institute of Standards and Technology (NIST) defines threat information as “any information related to a threat that might help an organization protect itself against a threat or detect the activities of an actor.” It includes information such as security alerts; the tactics, techniques, and procedures (TTPs) of malicious actors; various indicators of threats; specific tool configurations that might help detect threats; or threat intelligence reports detailing threats and threat actors.
At LookingGlass, we also consider threat intelligence to be a finished analytical product that includes collection, refinement, and enrichment of threat information by both machines and humans, as well as the process of transforming general threat information into actionable intelligence specific to an organization.
WHO USES THREAT INTELLIGENCE?
Threat intelligence users include internal or external teams often tasked with incident response, such as Computer Security Incident Response Teams (CSIRTs), as well as other information security specialists who might work within an organization.
Network and system administrators and technical support staff are also important audiences for threat intelligence, especially because they are first-line support in the event of a security incident.
Beyond that, senior management and C-suite officers — including Chief Privacy Officers, Chief Information Security Officers (CISOs), Chief Information Officers (CIOs), and other executives — are likely to consume cyber threat intelligence to inform organizational risk decisions or in the event of a major cyber incident.
ENSURING HIGH-QUALITY THREAT INTELLIGENCE
The abundance of providers and options can lead to confusion about “quality vs. quantity” and “data vs. intelligence”. In both instances it comes down to the same question — is the information relevant to an organization? A large volume of information doesn’t mean that the information is useful to an organization.
High-quality threat intelligence is derived from refinement, enrichment, and prioritization of threat information for specific business use cases or to provide situational awareness on matters that your organization cares about.
WHAT DOES HIGH-QUALITY THREAT INTELLIGENCE LOOK LIKE?
High-quality threat intelligence provides background on potential attacks, threats, and threat actors, which in turn allows you to identify possible gaps. When TTPs are published as part of a breaking news story, or when a specific industry is affected, high-quality threat intelligence like scoutPRIME will already have a sense of where to start looking. From there, high-quality threat intelligence works to gather more information and data to provide the tools to cover those gaps. To learn more about how to select and use quality, actionable threat intelligence, download our free eBook, Quality Over Quantity: A Guide To Threat Intelligence Selection And Use.
LookingGlass integrates high-quality threat intelligence into every aspect of our comprehensive portfolio of products, so organizations can confidently anticipate, understand, detect, and prevent cyber threats.
NOT DONE GATHERING INTEL?
At LookingGlass, we help our clients aggregate, correlate, and contextualize threat intelligence using dozens of feeds. Contact us if you’d like to learn more.