Threat intelligence needs to grow up

Security teams are overwhelmed with a massive amount of threat data

overstimulated
Thinkstock

Security teams are overwhelmed with a massive amount of threat data. While a decade ago no one was talking about threat intelligence except government agencies, organizations are now bombarded with threat data leaving them challenged with identifying what is relevant.

Aggregating that data requires a shift in mindset and a maturing of threat intelligence in order to better mitigate risks.

Experts say that collecting data for the purposes of having data does no good and can actually detract from a security intelligence program by using up time and man power to analyze data that is most often noise rather than real indicators of threat.

If the long-term goal of enterprises is to have mature threat intelligence programs, they need to conduct an internal risk assessment and design a plan of action.

Tomer Schwartz, director of security research, Adallom Labs noted, “Threat intelligence is not looking at all the data. Threat intelligence is new, and products are changing. Understanding that just plugging in to a product is not going to help is critical. Threat intelligence is about getting as much data as we can, not just current data for a current threat.”

Ignoring historical data overlooks a wealth of information that can inform a security program and enable an enterprise to defend against a wider range of incidents. Schwartz said, “In the current state of security, attackers are going to succeed. The correlation with new data and historical data is not happening enough and enterprises are afraid of collaboration.”

To continue reading this article register now

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon