Five things to know about Threat Intelligence

Data is the key to unlocking next-generation cybersecurity. By understanding the sea of data around them, organisations can turn information into vital threat intelligence – actionable insights that empower security teams to understand attackers, look for threats in the right places, spot vulnerabilities before they’re exploited, and take the right steps when the worst happens. But harnessing the power of data isn’t easy; here are five crucial things to keep in mind.

The race is on

We now inhabit a world where every business is a digital business and no industry is safe from cyber attacks; it's small wonder that interest in intelligence is skyrocketing. The security status quo is being shattered as firms abandon reactive, device-led protection strategies in favour of proactive detection and response empowered by intelligence-led visibility and control.

Exclusive research from IDC and SecureData, which questioned 300 major companies across the UK, found that ninety-six per cent of firms now use Threat Intelligence products and services, and all plan to do so within the next 24 months. As security breaches hit revenues and competitiveness harder than ever, it’s vital that firms keep pace with the rapidly evolving threat landscape.

As confirmed in the IDC study, firms see the crucial benefit of Threat Intelligence as faster attack detection and response. We’re waking up to the reality that not only are we going to be attacked, but that we’re also going to be compromised at some point. As such, we’re becoming less focused on preventing breaches than on finding them before serious damage is done, with minimal disruption to day-to-day activities.

Information ≠ Intelligence

Whether you’re paying for a quarterly security analyst report or a real-time feed of emerging threats, this information isn’t valuable in itself. Raw data must be transformed through the right people, processes, and technologies to join the dots and yield intelligence that’s both useful and usable.

Insights aren’t valuable unless they take into account the context of your business – the assets you need to protect, the systems you use, and the vulnerabilities you have. Generic threat data can’t help because you don't need detailed information on every threat – you need to home in on the tiny percentage of threats that matter to you.

Key components

Turning information into intelligence isn’t easy. Expert people, cutting-edge analytics, robust processes, real-time outputs, and contextualisation must all be combined to create truly actionable insights. That’s no small challenge when a quarter of businesses admit to a ‘problematic shortage’ of cyber talent, whilst analytics platforms remain expensive and complicated to run.

An even greater challenge lies in making data-driven security usable: that is, it must be easy and cost-effective to consume. Even the world’s most insightful Threat Intelligence solution is of little use if it requires endless manpower, a bottomless budget, or takes months to produce results.

Look beyond IT

Threat Intelligence is still immature in most organisations and today’s CISOs have yet to harness the full potential of holistic, data-driven security.

While many organisations collect a substantial amount of information across their IT security infrastructure, many fail to integrate this with their Threat Intelligence platform. Fewer than sixty per cent of firms integrate data from their Firewall or UTM devices, for example. Meanwhile, only a third (thirty-four per cent) of firms currently correlate external data such as threats or attacks on peer companies with their Threat Intelligence platform.

It’s time for firms to look at the big picture. From bringing in information from the wider community, to harnessing insights from physical security systems, you should go beyond IT to understand the full context of threats and drive the most value from Threat Intelligence.

Don’t go it alone

Our research found that ninety-nine per cent of UK firms believe Threat Intelligence to be a combination of products and services, or a pure managed service.

The reason’s simple: the building blocks of data-driven security are too heavy for any organisation to bear alone. In fact, firms told us their key challenges are performance and response times, training, and expertise, and the cost of tools, maintenance, and personnel.

As Threat Intelligence services see increasing adoption, the world will move towards true data-driven security. The days of bolting on technologies or services to address each new challenge are ending. Only with an understanding of how attackers think, behave and select targets, can businesses make more of their existing security budgets and focus scarce resources where they’re needed most.

Ultimately, every business is now a digital business – and thus a target for cyber attack. Data-driven intelligence gives businesses the opportunity to break the cycle of reactive, tactical and technology-led investment and to defend their most valuable assets and information more effectively with an offensive cyber-security strategy that puts them on the front foot.

Etienne Greeff, CEO at SecureData