Threat Intelligence Is a Two-Way Street

Uploaded on 2015-04-23 in NEWS-Cybersecurity News, INTELLIGENCE--International, FREE TO VIEW

Intelligence analysis should be looked upon as less of a service and more of a partnership.

In the wake of public breaches of large enterprises, organizations are quickly realizing the need to develop cybersecurity strategies that include developing or acquiring technical and analytical solutions to support network defenders and decision makers alike. As a result, there has been a noticeable boon in the global cybersecurity industry, which is expected to grow to $155.7 billion by 2019, according to a report from Cybersecurity Ventures, a world market research organization.

One capability being offered by many of these cybersecurity companies is Cyberthreat intelligence, which usually encompasses a fusion of technical and threat analysis. Vendors promote their analytic capabilities to deliver accurate, timely threat information in order to provide advanced warning or decision-making advantage to their customers.
However, one challenge that all private security companies have in this space is getting the proper guidance and information from customers, which could be used to improve and focus analysis. An intelligence production cycle will typically have these components, though some organizations may have an added or subtracted step:

During the setting-requirements phase is when a customer will engage with an intelligence unit to identify and determine the issues that need to be covered and shape any intelligence requirements that need to be addressed. Granted, there are those occasions when customers may not know exactly what they want or don’t know how to communicate it via their intelligence requirements. At these times, it is incumbent upon intelligence analysts to help educate and inform customers about the potential pitfalls that may result if requirements are not more advantageously scoped.

This is a critical stage of the process because if questions are not properly scoped and prioritized, collection strategies will be impacted, and the finished intelligence product may not be responsive or may be too vague to be useful. Time invested up front in setting prioritized focused requirements will prevent this from happening.

This is particularly important with cyber-intelligence because organizations can provide information unique to their particular environment and receive indicators and intelligence that help shape their cybersecurity postures. Indeed, Carnegie Mellon’s Software Engineering Institute (SEI) echoes this sentiment in a January 2013 report reviewing how private companies conduct cyber-intelligence. SEI’s key findings cited scoping the cyber-environment to an organization’s mission as one of its recommended best practices for the cyber-intelligence industry.

Ultimately, intelligence analysis should be looked upon as less of a service and more of a partnership whose success relies on the full commitment and engagement of both intelligence producer and intelligence consumer. Organizations that adopt the intelligence cycle into their business practices will find that the more they provide to the process, the more they will receive. Sharing pertinent data such as technical data collected from hostile activity transpiring against networks, and providing advanced notice of business activities, will help focus analytic efforts on the most pertinent cyberthreats against the enterprise. In turn, this information can contribute to the larger community via threat indicators, thereby strengthening the greater collective’s cybersecurity efforts. 

Dark Reading:  

« Leading Belgian Newspaper Hit by Cyber Attack
Gang Warfare: Hacking Groups Clash In Cyberspace »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Dark Reading

Dark Reading

Dark Reading is the most trusted online community for security professionals.

SAMATE

SAMATE

The Software Assurance Metrics And Tool Evaluation project is an inter-agency project between the US Department of Homeland Security and NIST.

Commissum

Commissum

Commissum specialise in information assurance and security testing services.

Spherical Defense

Spherical Defense

Spherical Defense offers an alternative approach to WAFs and first generation API security tools.

LUCY Security

LUCY Security

LUCY is the answer when you want to increase your IT security, maintain your cyber security awareness, or test your IT defenses.

Tokio Marine HCC

Tokio Marine HCC

Tokio Marine HCC is a leading specialty insurance group with a Financial and Professional product line including Tech and Cyber.

drie

drie

drie is an end-to-end cloud services company based in Bahrain, Dubai and London. We enable businesses to adopt, scale on and build for cloud.

Real Protect

Real Protect

Real Protect is a Brazilian provider of managed security (MSS) and cyber defense services.

Brace168

Brace168

Specialising in Cyber Security incident identification and response, Brace168 is uniquely positioned to provide a vast experience in managed security services to meet the needs of all business types.

Redington

Redington

Redington offer products and services in solution areas including digital transformation, hybrid infrastructure and cybersecurity.

Solcon Capital

Solcon Capital

Solcon Capital is a forward-looking, technology-focused investment firm that is committed to identifying and investing in the most promising areas of innovation and development in the tech industry.

Sunnic

Sunnic

Sunnic is a leading provider of comprehensive digital data security technology.

DNSFilter

DNSFilter

DNSFilter is the most accurate threat detection and content filtering tool on the market today.

ACDS (Advanced Cyber Defence Systems)

ACDS (Advanced Cyber Defence Systems)

ACDS was founded in the belief that cyber security can be done better. We’re combining emerging technologies and proven methods to bring a new approach to tackling the growing threat landscape.

Intraframe US

Intraframe US

Intraframe US is a cybersecurity company in Memphis, specializing in Digital Forensics Incident Response and Managed IT services. We provide SMBs with a 24/7 SOC for proactive Cyber Threat Management.

Panasonic Automotive Systems

Panasonic Automotive Systems

Panasonic Automotive Systems brings together security technologies and human resources cultivated across an extensive range of businesses into the automotive field.