Threat Intelligence: Knowledge is Power
While good security practices dictate treating threats seriously, common sense dictates that not all threats need be treated equally. Experienced security practitioners counsel that it’s easy to over react to incidents and that not every incident must be dealt with as it happens. What is important, however, is to identify and focus on the material threats. In order to accomplish this, threat intelligence in critical.
Sources of threat intelligence include:
- Internal knowledge that resides within both the security team and organization
- Professional organizations such as ISACA, ISSA, ISF (Information Security Forum), SANs, etc.
- Security networking events
- HITECH crime units
- Peer networks
Most security practitioners are reluctant to use services such as VERIS (Verizon Enterprise Risk and Incident Sharing) because of legal concerns. In essence, while there is the desire to have access to what is happening to everyone else, no one wants to share their data or reveal what is happening to them. |