Threat Intelligence Must be for Everyone
Threat intelligence • Apr 4, 2023
At a recent Google Cloud security event, Jayce Nichols, Google’s director of adversary operations discussed threat intelligence and was quoted as saying, “If you don’t have a way to incorporate [threat intelligence] into your business and security processes, then spend that money on something else because you’re not really going to get the benefit from intelligence,” While the point he was making is valid, the headline news from the event was: “Threat intelligence isn’t for everyone.”
This is exactly the wrong conclusion to take away. Threat intelligence, when leveraged to derive actionable insights, is invaluable, and one of the most important tools in an organization’s security arsenal. What’s required is better, not more threat intelligence. Investments in threat intelligence and driving intelligent action based on correlation, contextualization and prioritization is a critical strategy for enterprise security. The industry needs better tools to enable the benefits of consuming and actioning threat intelligence – not a defeatist conclusion that writes off an important category of tools because the process seems too difficult.
If you think back to school days, many people said that “calculus isn’t for everyone.” It can easily get confusing, seem very abstract, and most of us probably haven’t touched it since college. But it’s dangerous to conclude that “calculus isn’t important.” Arguably, we all use higher-level math every day without thinking about it. We’re able to do this because of automation. While the chips in our smartphones process thousands of complex equations every second, most of us don’t have to ‘do the math’. But we all depend on the results.
The same is true for cybersecurity, and threat intelligence. It’s easy to get overwhelmed by lists of thousands of possible threats coming from dozens of threat detection sources. Threat intelligence is not just another data source - that’s why it’s called intelligence and not data. A robust intelligence platform can sift through the data, apply AI to enrich, contextualize, correlate, prioritize and deliver concise, and actionable insights. A modern TIP platform, such as Cyware Threat Intel Exchange or an MSSP service addresses these critical capabilities that turn CTI into an invaluable tool.
But the challenges don’t stop there. It’s also difficult and cumbersome to communicate threats effectively with your peers, and to take proactive action to stop known threats before they become attacks. For this, you need tools that automate machine-to-human and human-to-human threat sharing, and you need flexible orchestration, and automation to close the loop and take action immediately.
These are undoubtedly hard problems, and we should not depend on security analysts plodding manually through millions of threats and thousands of alerts – this must be automated. Of course, Google recognizes the need for automation and better security tools, which led to last year’s acquisition of Mandiant, whose CEO – Kevin Mandia, pledged to automate these human-intensive processes to find the proverbial needles in haystacks. Perhaps they haven’t made as much progress as originally anticipated, but vendors like Cyware are not waiting, and have already effectively applied AI and automation to ensure that the benefits of threat intelligence are available to everyone – today.
