Understanding how data becomes intelligence is central for any successful security program>
Help Net Security – Andrea Fumagalli
Threat intelligence is one of the hottest terms in information security at the moment. But, as with so many buzzwords, it is often overused and misused. All the buzz has created a lot of confusion. Threat data is a raw collection of malicious domains, IP addresses, or hash values that does not provide any context on attacks or threats. To properly utilize threat intelligence an organization must have a clear vision of what it seeks to achieve by introducing it into its security program. While data feeds are vital to a threat intelligence program: not all sources are created equal. The best feeds are updated and relayed at near real-time. The key to a successful threat intelligence program is performing proper analysis of each data feed â to gain the context needed to make operational changes and secure the environment. A fundamental for success is ensuring that the threat intelligence program aligns with business goals. The best way to do this is to assess how specific data feeds will solve security issues related to specific business operations. While analysts can take minutes or even hours to pivot from malware analysis to indicators across the network, an automated approach can do the same work in seconds. Automated threat intelligence enrichment can be used to implement predictable and repeatable processes that are both fast and efficient. This approach also frees analysts from the tedious and error-prone task of gathering and verifying data, freeing them up for value-added analysis and threat hunting.
Link: https://www.helpnetsecurity.com/2019/01/10/how-data-becomes-intelligence/