Threat intelligence: Why it's about sharing more data


-- The private sector information security world is continually re-treading a path taken by the defense intelligence community decades ago; but where HUMINT bears the greatest fruit in their world, SIGINT is key for us. More so, in the private sector, we have a more limited supply of actual, breathing, Human Intelligence available to us: security analysts need these force multipliers to ever stand a chance of being able to effectively cross-reference the vast number of security markers pouring out of their monitoring systems (against even the most limited of security intel sources) into a stream of directly actionable information that can keep pace with the opposition.

We've spent well over a decade now debating the need for more shared security data as the sanest way to raise the cost of entry and lower the return on investment for criminals and spies alike. In the last year, we've seen this idea go from a murmur to a party line as even the most unlikely of sources take up the rallying call. The issue is far from settled, however, and an implementation worthy of the promise has yet to be created. What is important is that efforts are now underway to try and improve the situation: people are being convinced to give this idea a try and see for themselves whether it succeeds or not.

"Fail Early, Fail Fast, Fail Often" is a popular idea in the Agile Of All Things nowadays; let's see that applied to more attempts at making the promises of a shared pool of security data arrive while we're all still in business to see it.

Conrad Constantine is a Research Team Engineer at AlienVault. Over the last decade and a half, Constantine has been on the front lines of defense work in telecom, medical and media corporations, not least of which being at ground zero for the 2011 RSA Breach. He is a firm believer that incident response must become an accessible and effective discipline, available to all. He's striving to bring the mysteries of open source intelligence generation, and defensive agility, to those willing to take the leap from fear to action--mostly via the medium of code (with Visio diagrams thrown in for good measure).

This story, "Threat intelligence: Why it's about sharing more data" was originally published by CSO.


Copyright © 2012 IDG Communications, Inc.
