Getting the Most Value from Threat Intelligence
In a previous post, we described threat intelligence as “organized and analyzed information about potential threats to your organization.” It is easy to say having that information is important, but the value of threat intelligence is not decided when it is created. The value is determined when threat intelligence is put into action. To illustrate this point, let’s look at an app called Zillow. Zillow provides users with real estate data about homes they want to buy, sell, or rent. This is useful for someone who is looking to perform those actions with real estate, but for most users, the value of the data is lost because they never put that knowledge into practice. The same thing happens with threat intelligence when it is consumed by an organization. Value is determined once the intelligence is put to some action.
How do you determine value?
There are many ways threat intelligence can be utilized to create value. One way is to create a security awareness training program based on the known threats against a vertical. An organization can take that threat intel, understand what the attacks are, where they are coming from, and how they will affect the organization. From this information, one can then create a training program for the employees of the organization to change their behaviors in order to prevent them from being susceptible to the attack vectors. People can be a great defense when it comes to securing an environment, and it is valuable to keep them aware and trained on best practices. Threat intelligence can help shape that curriculum.
Another way threat intelligence can be used to create value for an organization is by reducing operational risk. Operational risk is any event that disrupts business processes, and a successful cyberattack would definitely disrupt business. Focusing on the threat intelligence that is most relevant to the type of business one does is key to getting the most value. For example, if a power company is threatened by nation-state actors, they are not going to be as concerned by some script kiddies looking for low-hanging fruit out on the Internet. They will be more interested in, and focused on, the advanced threats coming from specific areas in the world and mitigating those threats. Understanding how those threats come to fruition will help them reduce operational risk within a given timeframe, providing them tremendous value.
In addition to reducing operational risk, threat intelligence can also help a business focus on its priorities when it comes to security. Many businesses are not sure how much money, time, and resources they will need to invest in a security program. There are a lot of tools available to provide defensive and preventative measures, but many take time to set up, require personnel to manage them, and are costly (even before the other associated costs are accounted for). Understanding which attacks are relevant to an industry or business, and the severity of those attacks, can help one decide where security should be focused as well as what policies need to be put in place in order to maintain business efficiency and profitability.
Discovering value: The Perch way
Threat intelligence by itself does not carry much value. Value is discovered by how threat intelligence is applied in an organization. For us at Perch, we apply threat intelligence at the network level. By correlating network traffic going in and out of an organization to threat intelligence from multiple threat intel communities, we not only provide a comprehensive look at what is going on in an environment, we also provide specific context to any alerts that are created from our sensors. We have completely automated the process of applying threat intelligence. We have a group of security analysts at our Security Operations Center applying human intelligence to those alerts, creating a low-footprint, high-value return for any organization using our service.
If you have any questions about Perch and what we do, please request a demo. We will be more than happy to help you learn where you can get the most value out of applying threat intelligence to your organization.