“Threat Intelligence” is one of those terms that high-tech marketers have recently grabbed on to, and are currently riding hard – you can check this out for yourself, with a quick look on Google Trends.
But what does threat intelligence really mean? In Aberdeen’s view, noteworthy attributes of threat intelligence include:
- It comes from a qualified, trusted third-party source.
The collection, correlation, evaluation and dissemination of insights about active attack campaigns is more than most organizations can ever hope to do on their own. Superiority of information – which we can achieve only by working together – is the best way for the defenders to win against the attackers.
- It provides insight into an active campaign, not just notice of a known threat, a known vulnerability, or a known compromise.
There’s a huge difference between a feed of information about threats, vulnerabilities and exploits – which we already have in abundance – and insight into the “who, what, where, when and how” of active attack campaigns.
- It provides the means to draw relevant insights into risk, in terms of both likelihood and business impact, for the specific context of our own organization.
This is particularly important, because threats are not risks – threats are threats. If we’re not talking about the likelihood of some action being taken by a threat, along with the business impact if that action does occur, then we’re not really talking about risk. Intelligence plus self-knowledge is the only way to determine appropriate, risk-based actions – and if the organization is willing to accept the risk, it can always choose to stick to the status quo.
- It (often) includes options for additional help.
Access to external threat intelligence is important, but access to third-party expertise when needed may be crucial to getting the real value from it – especially if the third party is already familiar with our organization’s context from an ongoing relationship.
For a more detailed discussion, see my report called Flash Forward: Putting Threat Intelligence in Perspective.