The “commercialization” of cyber crime has created a thriving illicit industry. Attacks, increasingly sophisticated and innovative, often bypass detection by even the most cutting-edge cyber security defense programs.
A proactive defense posture, based on pertinent threat intelligence, is required. The value derived from a threat intelligence program, however, largely depends on how well it is integrated into the organization. The truth is that the vast majority of commercial organizations that establish a cyber threat intelligence capability are rarely able to truly impact decision making and operations.
“Not only do analysts need security stacks and analysis platforms to process up to 1 trillion events per year, they also require access to data sources like RSS feeds, blogs, and web crawlers.”
It is crucial to understand that cyber threat intelligence programs are not all created equal. The sole purpose of an intelligence capability is to inform decision makers and drive operations, resulting in more effective execution in any domain, cyber or kinetic. Existing intelligence capabilities are generally ad hoc, stove-piped, and often produce little more than situational awareness reporting from sources such as news outlets and vulnerability reports. These types of intelligence reports, by and large, are not actionable and do not materially help an organization’s fight against cyber threats.