The Tenets of Threat Intel Operations: Tenet #7 – Measure for Success

– Toby Bussa
“Metrics are created through an evolutionary process that gains consensus and ensures regular and thorough reviews both before and after publication.” (p. 244)
So here is your plan of attack knowing the journey ahead:
Align to the Evolved Threat Intel Lifecycle, paying particular attention to the Planning and Direction, and Feedback and Validation phases.
– Identification
– Definition
– Development
– Quality assurance
– Production deployment
– Visualization of results
– Analysis of results (including validation)
– Implement changes / improvements (including actioning feedback)
I like to map this model to the Deming cycle – Plan, Do, Study/Check, Act.
Having a process mindset and methodology makes the metrics and measurement lifecycle more approachable and sustainable.
This will likely be more operationally oriented metrics like:
– Number of intelligence requirements being tracked
– Number of feeds being ingested
– Number of Indicators in the library
– Number of reports produced
– Number of incidents worked
Over time, the plan should be to expand into the lower-right quadrant, where there is more value but the effort will be slightly higher.
This would include metrics like:
– Indicators observed
– New incidents from CTI
– False-positive ratio
– Counter-measures implemented
And ultimately aiming for the upper-right quadrant, where metrics like these exist:
– Mean time to detect and respond
– Incident criticality impacted by CTI
– New intelligence created
– Person hours effort saved through task and process automation
The tl;dr is: start measuring!
For example:
Leverage Dashboards
The highly flexible and customizable Dashboards in the platform make it easy to generate and display real-time metrics like intelligence requirements being tracked, feeds being ingested, Indicators in the Library, reports produced, and incidents being worked or completed.
Link: https://threatconnect.com/blog/the-tenets-of-threat-intel-operations-tenet-7-measure-for-success/

