Threat Intelligence Misconceptions & Their Effects
Gartner defines Threat Intelligence as “evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard.”
Gartner is just as serious about how Threat Intelligence is NOT defined, making it obvious that the concept of threat intelligence is not a part of the normal layman lexicon of today – at least not yet. They note that threat intelligence is not “obvious, trivial or self-evident information” that can be gleaned from basic research. It is also NOT information about vulnerabilities, which is considered an add-on function by service providers. Finally, threat intelligence is not the process of incident response.
With so much focus on how threat intelligence is NOT defined, it raises the question: where are the knowledge gaps, and how do we get around them? The main reason threat intelligence might not be working at full throttle for your company is a lack of understanding of how to use it! Let’s take a quick common-sense tour of the basics of threat intelligence and how to get started choosing what’s right for you.
Threat intelligence is not “one-size-fits-all.”
For anyone who’s bought a t-shirt in the USA vs. Europe vs. Asia – you’ve certainly realized that one-size-certainly-does-not-fit-all. Along the exact same lines, do financial institutions implement the same cyber-security measures as the manufacturing industry or healthcare? Are APAC-based businesses facing the same threat landscape as those in the Americas? That’s an easy “NO.” Threat actors attack different industries and institutions with different goals, methods and technology – so why should your threat intelligence solution be a pre-packaged, out-of-the-box, one-size-fits-all resource?
Bringing a knife to a gun fight.
Having the information is one thing – but do you have the resources to act on it? As we saw above, threat intelligence is NOT the obvious threat, awareness of vulnerabilities or incident response. Who is responsible for interpreting your threat intelligence and deciding how to neutralize the threats it identifies? Certainly not the IT guy who installs computers for new employees or troubleshoots internet connectivity issues – right? Not necessarily. If you’ve made the step toward threat intelligence, allocating time and money for training and specializing your existing staff will go a long way toward maximizing threat intelligence capabilities. Do your executives understand that acting on any information brought to light about future threats will require a budget? Making sure they are well informed about how these threats could potentially affect the business could make all the difference.
Threat intelligence does not exist in a vacuum.
Yes, threat intelligence is exciting and unique, but it’s designed (or should be designed) to work with your existing security measures! Integrating threat intelligence with your existing software and security information and event management (SIEM) applications is the best way to utilize this new information in a more comprehensive way. Lack of integration limits the effectiveness of threat intelligence and creates a more complex and difficult workload for cyber security teams.
Threat intelligence is different things to different people.
The actual definition of threat intelligence is valuable again here, considering how many people don’t have an exact idea of what it is. To executives, threat intelligence dictates high-level decision making, compliance and budget. To IT specialists, threat intelligence may be more specific to malware, ransomware and employee internet activity.
About Sangfor Technologies:
Sangfor works with partners and customers globally to optimize and secure networks and build cloud computing capabilities. We are here to make sure your network security and enterprise cloud are safe, secure and state-of-the-art. Sangfor knows what you are facing with zero-day attacks, ransomware and phishing in 2019. Without threat intelligence, we are fighting the bad guys with yesterday’s technology. Visit Sangfor Technologies to discover what threat intelligence is, and how it supports and enhances network security, endpoint security and your entire security operation as a whole.
Founded in 2000 and a publicly traded company as of 2018 (SANGFOR STOCK CODE: 300454 (CH)), Sangfor Technologies is the global leading vendor of IT infrastructure solutions specializing in Network Security and Cloud Computing. Visit us at www.sangfor.com for more information!