Threat Intelligence Is a Two-Way Street

Intelligence analysis should be looked upon as less of a service and more of a partnership.

In the wake of public breaches of large enterprises, organizations are quickly realizing the need to develop cybersecurity strategies that include developing or acquiring technical and analytical solutions to support network defenders and decision makers alike. As a result, there has been a noticeable boom in the global cybersecurity industry, which is expected to grow to $155.7 billion by 2019, according to a report from Cybersecurity Ventures, a world market research organization.

One capability being offered by many of these cybersecurity companies is cyberthreat intelligence, which usually encompasses a fusion of technical and threat analysis. Vendors promote their analytic capabilities to deliver accurate, timely threat information in order to provide advance warning or decision-making advantage to their customers.
However, one challenge that all private security companies have in this space is getting the proper guidance and information from customers, which could be used to improve and focus analysis. An intelligence production cycle will typically have these components, though some organizations may have an added or subtracted step:

The setting-requirements phase is when a customer engages with an intelligence unit to identify the issues that need to be covered and to shape any intelligence requirements that need to be addressed. Granted, there are occasions when customers may not know exactly what they want or don’t know how to communicate it via their intelligence requirements. At these times, it is incumbent upon intelligence analysts to help educate and inform customers about the potential pitfalls that may result if requirements are not more advantageously scoped.

This is a critical stage of the process because if questions are not properly scoped and prioritized, collection strategies will be impacted, and the finished intelligence product may not be responsive or may be too vague to be useful. Time invested up front in setting prioritized, focused requirements will prevent this from happening.

This is particularly important with cyber-intelligence because organizations can provide information unique to their particular environment and receive indicators and intelligence that help shape their cybersecurity postures. Indeed, Carnegie Mellon’s Software Engineering Institute (SEI) echoes this sentiment in a January 2013 report reviewing how private companies conduct cyber-intelligence. SEI’s key findings cited scoping the cyber-environment to an organization’s mission as one of its recommended best practices for the cyber-intelligence industry.

Ultimately, intelligence analysis should be looked upon as less of a service and more of a partnership whose success relies on the full commitment and engagement of both intelligence producer and intelligence consumer. Organizations that adopt the intelligence cycle into their business practices will find that the more they provide to the process, the more they will receive. Sharing pertinent data, such as technical data collected from hostile activity transpiring against networks, and providing advance notice of business activities will help focus analytic efforts on the most pertinent cyberthreats against the enterprise. In turn, this information can contribute to the larger community via threat indicators, thereby strengthening the greater collective’s cybersecurity efforts.

Dark Reading:  
