by Jake O'Donnell

Global Editorial Content Manager

Posted Nov 27, 2018

Threat intelligence can be a reality for anyone. That means you.

Does the thought of starting a threat intelligence program at your organization make you break out in a cold sweat? Do you feel you don’t have the budget or resources to make it happen?  

The truth is, you can do threat intelligence with what you have in-house and with existing relationships. It doesn’t have to be a stress-inducing hassle on top of everything else you have to do.

Members of the Cyber Resilience Think Tank recently explained in a wide-ranging conversation that threat intelligence isn’t just for the 1%; it can be for everyone.

“When most folks think of threat intelligence, they think of large organizations,” said Marc French, Mimecast’s Chief Trust Officer. “The reality is, most security organizations across the world have 10 or less people. Many people think threat intelligence is out of reach for them. The reality is, it's available for just about everyone. It’s not just for large banks and large tech firms in Silicon Valley.”

So much of what you can do around threat intelligence already exists within an organization.

“You are sitting on a tremendous amount of data on what is going on in your environment,” French said. “Capturing and harnessing that will get you a long way toward moving to that more protective state. You don’t need a huge budget to get started. You're doing a lot of it yourself.”

In addition to what you’re using internally, there’s also an opportunity to leverage existing or open source resources to conduct threat intelligence without breaking the bank. Giving an example of pulling from the outside, Malcolm Harkins, the Chief Security & Trust Officer at Cylance, said that at a previous company he didn’t spend millions of dollars doing threat intelligence. A good chunk of what they did was effectively crowdsourcing.

“We had a lot of intelligence already,” Harkins said. “We gathered that information from peers, we partnered with other organizations, used open source intelligence and used it tactically, strategically and proactively. We created a quarterly review of intelligence we knew that we weren’t harnessing, so we could take a more proactive footing going forward.”

French added that relying on security vendors to help is a key part of the work involving threat intelligence. He said that in a previous job as a CISO with a security team of six people he leaned on his vendors and asked them for the research to help stem the attacks he was seeing.

“I did this for almost no cost,” French said. “I already had the gear installed. I just needed to turn on the stuff I already bought and have that conversation with the vendor to make sure I could understand the results. I went from a team of six information security professionals to having a research team of 300 because I had all of these vendors doing all this work for me.”

Data + Action = Intelligence

One area where an organization may need to make a tweak is adding more skills around interpreting data so you can turn it into intelligence, French said.

“If you aren't willing to take the next step to improve your position, it isn't really intelligence,” he said. “It's important to take what you're learning and actually do something with it. You have to go beyond grabbing data and looking at stuff. You have to move to a position where you're affecting the security posture of your organization.”

A lot of times, security professionals find themselves in a reactive state because they can’t get ahead of the problems they’re seeing. With threat intelligence in place, it's possible to get ahead, French said.

“With smaller teams, you’re going from fire to fire to fire,” French said. “Think about threat intelligence being a force multiplier in this process.”

Harkins agreed, adding that pulling in the open source information is critical to determine what works and what doesn’t when it comes to threats.

“Figure out how the compromise occurred, what control failed and fix it or, quite frankly, get rid of the control that didn’t work and get one that will,” Harkins said.

Here’s the full conversation with French and Harkins.
