Five reasons threat intelligence fails today, and how to overcome them

Steps you can take now to break down silos and enable threat intelligence to flow throughout your organization

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.

As cyber security threats have become increasingly sophisticated and pervasive, it's become impossible to identify and defend against every probable attack with traditional security budgets. That's where threat intelligence comes in. Effective use of threat intelligence is a way for businesses to pool their resources and overcome internal technical or resource limitations. Theoretically, it allows companies to "crowd source" security and stay one step ahead of malicious entities.

But that only holds true if it can be consumed as actionable intelligence. Unfortunately for many organizations, disjointed security solutions and departmental silos have made threat intelligence hard to implement across the organization and consequently, ineffective. Without the means to make threat intelligence actionable, it's just data. Data won't save your company from a targeted attack when human analysts are unable to quickly make use of it throughout decision support tools across the organization.

The challenges are two-fold: technical silos, and a lack of cooperation "across the aisle" driven by the fact that actionable intelligence can mean different things to different stakeholders. For instance, cyber analysts, operations managers, incident responders, lawyers, auditors and business risk managers all have slightly different contextual lenses. They don't have a lingua franca for risk, nor do they measure risk in the same way. However, today it's more important than ever that organizations find ways to work across silos, break down barriers to success and align stakeholders to better utilize threat intelligence.

There are five common reasons threat intelligence fails today:

While these are all very real challenges, there are some steps you can take right now to begin breaking down silos and enable threat intelligence to flow more freely throughout your organization:

* Identify Integration Opportunities: Depending on an organization's maturity level and existing technology investment, the first step may be to identify opportunities for tighter technology integration and the automation of threat intelligence feeds. Automating information sharing across stakeholders ensures an organization's governance rules are followed and removes delays introduced by human operators and processes.

* Find Your Stakeholders: Take an internal census and identify the stakeholders who might have knowledge, data and expertise to facilitate threat intelligence sharing. In addition, identify who might need to consume that information quickly in order to secure critical assets. Without a full accounting of your internal stakeholders, assets and capabilities, it will be hard to get an effective plan in place.

* Uncover Efficiencies: Often the internal census above will reveal duplicate needs for threat intelligence feeds across the organization, allowing for mutually beneficial opportunities for streamlining intelligence sharing. This can be the basis for a larger transformational business case, such as being able to reduce human resource requirements in multiple areas at once, which will be readily accepted regardless of the metrics used to measure success.

* Tap into All Domains: Depending on your organization's industry, mission, structure and culture, you will need multiple domains/dimensions of threat intelligence to meet stakeholder needs. This means not only sharing actionable intelligence across domains, but also having multiple sources of threat intelligence, or a rating system to score various intelligence sources. Taking action based on bad intelligence could be worse than taking no action.

* Set the Right Governance Models: Relatedly, a prohibition on certain actions based on a sole source of intelligence is warranted. Having these policies in place prior to an incident will help guide operations when an organization is under stress. Not all feeds are created equal. Open-source feeds, consolidated feeds and premium feeds should be evaluated against your organization's mission and scored based on reliability, asset value and overall cost of ownership (subscriptions, platforms, bandwidth, etc.).
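The sole-source rule and source scoring from the last two items can be written down as policy before an incident; the sketch below is an added example, not part of the original article. The feed names, reliability ratings, `origin` field, thresholds and the noisy-OR combination are all assumptions chosen for illustration.

```python
from math import prod

# Constructed feed catalogue. "reliability" is an assumed analyst rating in
# [0, 1]; "origin" records where the data really comes from, because a
# consolidated feed that re-publishes an open-source feed adds no corroboration.
FEEDS = {
    "open-source-A":  {"reliability": 0.4, "origin": "osint-A"},
    "consolidated-B": {"reliability": 0.6, "origin": "osint-A"},
    "premium-C":      {"reliability": 0.9, "origin": "vendor-C"},
}

# Assumed governance policy:
# action -> (minimum independent origins, minimum combined confidence)
POLICY = {
    "alert": (1, 0.3),   # a single source may raise an alert
    "block": (2, 0.8),   # disruptive action is never taken on a sole source
}


def assess(sightings):
    """Return (independent_origins, confidence) for one indicator.

    sightings: names of the feeds that reported the indicator.
    """
    best = {}  # highest reliability seen per independent origin
    for name in sightings:
        feed = FEEDS[name]
        origin = feed["origin"]
        best[origin] = max(best.get(origin, 0.0), feed["reliability"])
    # Noisy-OR: chance that at least one independent origin is right.
    confidence = 1 - prod(1 - r for r in best.values())
    return len(best), round(confidence, 2)


def allowed_actions(sightings):
    """List the actions the policy permits for this set of sightings."""
    origins, confidence = assess(sightings)
    return sorted(
        action
        for action, (min_origins, min_conf) in POLICY.items()
        if origins >= min_origins and confidence >= min_conf
    )


if __name__ == "__main__":
    # Constructed sightings of one indicator (203.0.113.7, documentation range).
    for feeds in (["premium-C"], ["open-source-A", "consolidated-B"],
                  ["open-source-A", "premium-C"]):
        print(feeds, assess(feeds), allowed_actions(feeds))
```

Two feeds that share an origin count once, so an indicator echoed by an aggregator still fails the sole-source test for blocking.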

In the end, threat intelligence sharing is one of the best ways to ensure your organization can react more quickly and make better decisions faster in response to today's rapidly changing threat landscape. Don't wait for a top-down mandate or compelling event to get started: break down the walls and create the internal efficiencies you need to get the most out of this valuable resource.

BT is one of the world's leading providers of communications services and solutions, serving customers in more than 170 countries. BT Security is building on 70 years' experience of helping organizations around the globe and across all sectors get ahead of the threat curve and reduce the uncertainty and complexity of security. It provides an end-to-end capability to help organizations enjoy higher levels of security at a time when security budgets are not keeping pace with the threat landscape.

Stories by Jason Cook, VP of Security, BT Americas
