Threat intelligence: Have you tapped this next generation strategy to build your firm’s resilience?
Monday August 21 2023
Threat intelligence is a relatively new concept on the security landscape, but it has the potential to offer immense value to an enterprise, and demand for it is anticipated to grow at 15.5 percent.
In a nutshell, it is a way of reducing ‘physical and cyber risks’ while supporting decision-making and existing security intelligence methodologies and systems.
Threat intelligence is built on data. The National Institute of Standards and Technology defines it as information that has been ‘aggregated, transformed, analysed, interpreted or enriched to provide the necessary context for decision-making processes.’
It is built on the data collected by organisations about the threat landscape, cyber-attack trends, evolving attack approaches, the types of attack and the ever-changing risks presented by these threats.
The insights provided by this data allow security teams to make informed decisions around their security while also giving them the edge when it comes to being more proactive in their approaches and methodologies.
But threat intelligence is only as valuable as the data used to inform it. This means that organisations need to have visibility and control over the data within their internal systems – assets, operations, processes, systems – and the ability to correlate this data with external information that allows for a holistic view of the threat landscape.
There are three types of threat intelligence. The most important is strategic threat intelligence, which provides the C-Suite with the data it needs to make informed decisions around the types of risks their organisations are facing.
It is an insights-rich advisory that informs security spending, risk assessments, and technology assets to ensure that risks are mitigated as effectively as possible.
This level of threat intelligence is designed to provide decision-makers with the information they need to align security spending with security requirements.
The second form of threat intelligence is tactical. This is high-level security intelligence that makes sense to security leadership – the CISO, the information security manager, or the SOC manager.
It advises on the tooling they have to employ within their SOC and offers them a measure of forecasting that can help them manage their security approaches more effectively.
It answers questions such as: is ransomware more prevalent, or insider fraud? Is it email compromises? Where do we need to focus our budgets and SOC efforts?
The last form is operational threat intelligence, which is highly reactionary and used by security teams who handle day-to-day operations.
It is fed into security tools such as SIEM, SOAR, and firewalls. Security engineers, analysts, red teamers (offensive white hat attackers), and other on-the-ground security people who require immediate visibility into ongoing attacks and threats use it to set up defences effectively.
The value of threat intelligence lies in how it provides the business with an invaluable layer of insights that can be used to balance security protocols and approaches.
Using this data, teams can create a better security balance throughout the organisation. This, of course, raises the question: how should organisations approach the implementation and management of threat intelligence tools and services? Should they create their own or consume a commercial threat intelligence tool?
Every organisation has its own strategy, assets, and technology stack and each one is influenced by the industry in which it operates.
Finance, for example, faces a very different threat landscape to retail. Insurance has a markedly different threat profile to agriculture.
Yet each industry faces significant threats, so by going through a process of self-discovery, organisations can establish their unique threat footprint, which will inform which approaches are best suited to their needs.
Best practice suggests that the business undertakes a risk assessment, examines the threat landscape from both an internal and external perspective and then establishes exactly what level of threat intelligence it needs to effectively minimise its threat profile.
In addition to providing the business with a high level of visibility into threats, which supports agile security and risk mitigation, threat intelligence also helps cut costs.
Every business has a limit in terms of how much it can spend on technology and must make the most out of its available resources.
Threat intelligence helps refine security spending as it advises the business on what type of security it actually needs: is it a firewall? Endpoint Detection and Response? An antivirus solution?
The remarkable visibility provided by threat intelligence shines a spotlight on the gaps and holes in an organisation’s security awareness, so it stops shooting in the dark.
And that is an invaluable asset to any company as it faces the complexity of cybersecurity.
Robert Ngetich is the Team Lead, Threat Intelligence Centre, Dimension Data East and West Africa.