Threat intelligence means a lot of different things to different people. Oftentimes organizations think of tactical information that helps defenders in their on-the-network battles with the bad guys. But, as Forrester Research recently noted in their report Achieve Early Success In Threat Intelligence With The Right Collection Strategy:
“Don’t fall into the trap of subscribing to tactical indicator feeds that you can just pump into your security information management and forget about.”
Tactical intel has it’s role and importance, but starting there can lead you down a rathole. To start off, you need to understand the big picture and then from there you need to understand your adversary, specifically:
- Who is the actor, what is their motivation and intent, capability, and opportunity?
- What is the threat campaign they are deploying? What is it targeting? How is it being carried out?
- What are the associated events and supporting evidence that can be used to provide a level of confidence around the seriousness and impact of this threat to your business?
- How can you reduce the adversary’s opportunity? What are the processes and/or tools to minimize this exposure?
On Wednesday, April 26 at 1pm ET, please join us for a threat intelligence discussion and see a live demonstration of SurfWatch Threat Analyst, which recently received 5 out of 5 stars from SC Magazine. Adam Meyer, our Chief Security Strategist and head of the SurfWatch analyst team (and formerly a CISO with the 2nd largest transportation system in the US) will lead this discussion and demonstration.