Big data and the Internet of Things are two buzzwords that rang through the halls and show floors of security conferences across the nation for quite some time. Although ambiguous, the terms took the industry by storm. Then there's security analytics; another buzzword that security marketing heads have been pushing heavily. But none of these terms have earned as much attention in a short period of time as threat intelligence. Alas! Finally a phrase that seemingly captures it all.
There is an incredible amount of benefits that information security practitioners can tap into when it comes to threat intelligence. On the other hand, the hype that's swirling around threat intelligence, and being maximized by security vendors, ends up creating misinformation, ultimately making it much more difficult for security managers and directors to know what threat intelligence really means.
In a recent interview with InfoSec Insider during the Threat Intelligence Summit in New Orleans, Dave Ockwell-Jenner, senior manager of operational security and risk management at multinational aerospace IT firm SITA, discussed the benefits and challenges surrounding threat intelligence.
While it may seem as though only larger organizations can tap into the full benefits of threat intelligence given some of the resource constraints it may present, thanks to the evolution of the products on the market, small to midsize businesses can also leverage it. Regardless of the size of the company, Ockwell-Jenner believes that the journey of leveraging threat intelligence is still the same, and each organization benefits in different ways.
"I think smaller organizations have had a little bit of an easier time as the market has matured," he told InfoSec Insider. "It used to be that threat intelligence was a resource-intensive, manual kind of game. Smaller organizations obviously struggle with that because they don't necessarily have that resource capability of the larger organization. But now as the product mature...there are an awful lot of service-based threat intelligence offerings."
Before making the decision to leverage threat intelligence, security practitioners must answer two specific questions, according to Ockwell-Jenner:
1. What is it? In other words, define what threat intelligence means to your organization.
2. What do you want it to do for you? Figure out what you want threat intelligence to achieve for your organization.
In the full-length video interview below, Ockwell-Jenner discusses why it's important to answer these two questions, shares wins that his organization has experienced as a result of threat intelligence, and highlights why consuming more information isn't necessarily a good thing.