Using Security Intelligence for a Competitive Advantage
It used to be that if one had collected logs, one had security intelligence. Now security intelligence is loosely defined as a collection of information from many sources, including:
- Logs from IT and security systems
- Logs from key business systems
- External threat sources
- System events
- Industry events shared by peers
- Assets and what they are vulnerable to
By aggregating such information and applying network behavioral analysis on critical segments, security teams can gain a better understanding of what is normal per time of day, per application and per type of user. This security intelligence can then be leveraged in several ways for competitive advantage:
- Protect the assets and reputation of the organization through strong, intelligence-based security programs
- Strengthen the industry as a whole by sharing information with peers. By banding together against security problems, a tight-knit industry becomes more competitive as a whole.
- Proactively perform business-intelligence queries against the “big security data” in order to identify patterns of fraud or unusual behavior that may be of benefit to business units that are unable to perform such queries. This can deliver a competitive advantage, but it must be undertaken with thought, as such activity diverts effort from the core security tasks.