Threat Intelligence Needs To Be Actionable

Everyone knows cyber crime is increasing, boosting cybersecurity initiatives to the top of the corporate priority list. While 38 percent of Fortune 500 companies did not have a chief information security officer just three years ago, every single one does today. In addition, Gartner estimates that $188.3 billion dollars will be spent on information security and risk management products and services in 2023. A myriad of cybersecurity-related solutions have flooded the market in recent years in response.

Businesses now offer so-called “threat intelligence” as a staple product. The Computer Security Resource Center of the National Institute of Standards and Technology in the U.S. Department of Commerce defines cybersecurity threat intelligence as “information that has been aggregated, transformed, analyzed, interpreted, or enriched to provide the necessary context for decision-making processes.”

How Most Cyber Threat Intelligence Increases Risk

Unfortunately, much of what the industry currently calls threat intelligence doesn’t actually qualify–instead, it’s often just data. Pure data is not threat intelligence. Most forms of vetted, analyzed, or processed data are nothing more than simply interesting information that isn’t useful for defenders.

When vendors bombard client companies with various data feeds, their already-stretched security teams must search for those nuggets of information that may actually be useful to them at the moment. With the sheer volume of so-called threat intelligence data, this effort can be akin to finding a needle in a haystack.

Ideally, the cybersecurity provider separates the needles from the haystack prior to sending the ‘intelligence’ to the client. Currently, too much noise and not enough signal means companies often waste valuable resources sifting through false positives and trying to turn this information into something usable. That can mean Security Operations Center (SOC) analysts are diverted from activities that can ensure greater security, increasing the risk of a breach in other areas.

Incentivize Quality, Not Quantity

Most solution providers require employees meet quotas for cybersecurity threat intelligence feeds or other such content services they produce. This quantity-based requirement encourages the generation of useless filler content, focused on ensuring employees produce X number of indicators per month or Y number of blogs per week.

This complicates the ability of security professionals and other network defenders to do their jobs well by adding to the noise that they have to sift through. These types of metrics do more harm than good and have no place in cybersecurity services, which should be designed to protect companies and people from harm. Solution providers need to shift their focus from producing reams of data to meet their internal metrics, to producing truly actionable threat intelligence that can be easily used by their clients in practical, tangible ways and generate real-world positive impact.

Actionable Intelligence as a Core Value

At Redacted, we focus on actionability. Our team believes that “intelligence isn’t intelligence if it’s not actionable.” Time and again we have supported our clients with actionable cyber intelligence that have real world implications and impacted the lives of actual people.

Those who are charged with protecting others don’t have the time or energy to waste sifting through a flood of garbage labeled as “intelligence” in order to find the one piece of information they need to act. It’s our job as intelligence professionals to know what our customers truly need and in what format they need it. It’s our duty to produce easily consumable intelligence that meets those needs and enables them to act quickly.

We adhere to this core value whether or not our customers ever directly see this intelligence. In fact, our actionable intelligence team focuses mostly on providing value to our internal colleagues who are then providing direct security services to our customers. Truly actionable intelligence helps our customer-facing teams operate with greater speed and precision, giving our clients an edge over the adversary who is trying to do them harm. Our actionable cyber security threat intelligence informs and drives security processes, procedures, services, and products. Experience this tangible game changer for preventing, detecting, recovering from, and responding to cybersecurity threats as effectively as possible by reaching out today. Schedule a call with our team of cybersecurity experts today.

Tags:

[r Authors

Founded in 2015 by an elite team with deep government and private sector cybersecurity experience, [redacted] uniquely partners with its customers to protect their businesses and disrupt adversaries. [redacted] recognizes the need to provide actionable insights—information beyond that gleaned from that run-of-the-mill threat intel—and empowers clients to quickly reduce the impact of adversaries and their exploits. With its powerful mission-driven approach, [redacted] levels the playing field for organizations, seeking not only to disrupt cybersecurity threats, but to mete out consequences for those who seek to undermine legitimate business operations.​

Speak with our technical team.