Cyber Threat Intelligence: A Gold Mine of Value
Security leaders agree that while there is value in getting threat intelligence data feeds, it is not without its challenges:
- Threat intelligence data feeds are costly. It can be challenging to quantify a return on investment in order to justify the data feeds.
- The use of threat intelligence data feeds incurs time and labor costs.
- The raw data needs to be parsed and correlated; and the results analyzed and ranked in order to find actionable items that may deliver value and prevent a security incident.
- The value of the threat intelligence depends on the quality and timeliness of the human analysis.
In addition to threat intelligence data feeds, security leaders find the sharing of threat intelligence to be of value. Recommendations include:
- Collaborate with others in your industry or vertical sector to share information about attacks against the industry and provide early warnings
- Communicate early and often
- Use third-party intermediaries that can aggregate data and remove PII and other identifiable data in order to overcome issues of revealing proprietary data
Invest in and make use of industry-specific information-sharing groups, such as FS-ISAC
- Address shareholder concerns about revealing vulnerabilities by promoting the value of being able to combat cyber attacks by correlating the shared threat intelligence within the business environment