Threat intelligence is THE hot topic in the security industry right now. It is being called “the first real evolution in security we have seen in a decade” and is being added to everyone’s to-do list for 2015, but what exactly is threat intelligence?
Threat intelligence: Explained
Threat intelligence is going beyond data; it is relevant, actionable information gained from analyzing data; information that helps leaders make informed business and security decisions.
The easiest way to think about it is to think of threat intelligence as the “so what?” question. You have all that that data, but so what? What are you going to do with it?
Not just data
The definition of threat intelligence is still evolving, but currently, too many definitions only include data as a source of information. While data is essential, experts on the subject say that threat intelligence requires networking—the kind with people, not computers.
Threat intelligence professionals need to not just comb through their data and the “cyber underground” for threats, they also need to build and leverage relationships with those in the security community; the security community needs to pool its resources and work together to identify threats and develop action plans to eliminate the threats.
“Real” threat intelligence
Vendors are taking advantage of the popularity and lack of understanding of threat intelligence. They are selling weekly or monthly threat intelligence packages, but while that sounds legit, it is not “real” threat intelligence.
Real threat intelligence is real time. It is not something you can check in on once a week; it should be monitored 24/7 by a program and a security professional should be checking in several times of day. Threats become reality in a matter of minutes; you need to be paying attention.
Why threat intelligence matters
Simply put, threat intelligence reduces risk. Too often, security professionals are playing defense with cybercriminals, but threat intelligence lets us play offense. It lets us know the who, what, why, where, when and how of a threat before it strikes so we can make action plans to prevent any damage.
Risk management like this does not just prevent problems, but increases customer and employee loyalty and satisfaction. Customers and employees are happy to know that you are actively protecting their data and employees tend to be happier when they know they are making a difference. They are not just collecting data to collect it. They are analyzing it and using it to protect.
It is clear that threat intelligence is here to stay, but there is so much more to it than any of us know yet. We all need to be alert and keep learning about how to best use and leverage threat intelligence.