Threat Intelligence Blog

Posted September 5, 2017

In many respects, Threat Intelligence (TI) programs are still in their infancy, and security professionals are still struggling to put these programs together. To help security professionals, who strive to build successful TI programs, I recently held a webinar series, “Success Factors in Threat Intelligence” that described a comprehensive business technical approach to the justification, definition, design, and execution of TI programs.

Much talk in the security market revolves around the technical aspects of the latest threats and how targets have been affected by these threats, but what’s often left out of this narrative is a step-by-step guide to implementing you threat intelligence program.  

We know that in order to have a mature security posture, we need a TI program that can leverage machine-readable threat intelligence, integrate it with a threat intelligence platform, and mitigate the threat; but how do you actually put this program together? This blog will review the necessary information needed for a successful TI program, going far beyond what can be found in the typical technical industry reports.  I’ve also shared how to get the most out of your TI program.

Threat Intelligence in Action

First of all, as many experienced security practitioners know, if you don’t have clear objectives or goals in security strategy then it’s likely you will be lucky to achieve success. That’s where we will start…

1. Threat Intelligence Program Requirements

In the first webinar, I cover what drives the requirements for a TI program, what are some of the requirements, and how to start structuring a business strategy (not just a technical strategy) to leverage threat intelligence in a security practitioner’s environment.

Watch Part 1 of the series to learn more about:

  • Justifying programs based on
    • Business risk
    • Cost of threats
    • Investment savings
    • Revenue impact
    • Compliance
  • Defining a program that addresses the full threat intelligence lifecycle
  • Focusing on relevant intelligence for self and third party protection

2. TI Program Framework

In the second webinar, I take a step towards defining a TI program framework that encompasses technical requirements, teams, roles, systems, processes and metrics around the TI program.

This framework lays out the overall structure of how teams and security professionals can start to use TI effectively. A key aspect of the framework is defining core elements that are common across many disparate environments.

Watch Part 2 of the series to learn more about:

  • Leveraging a framework specific for your needs across
    • Requirements
    • Roles
    • Team
    • Process
    • Systems
    • Metrics & Reporting
    • Connections
  • How to focus your TI program on maturity and impact across all entitiesEncourage Partners Toward Cyber-Maturity

3. TI Program Details

In the third webinar, I take a deep dive into each part of the framework and details to consider.

Watch Part 3 of the webinar to learn how to:

  • Automate where you can
  • Focus on efficiency of analyst/experts
  • Use metrics and reporting to drive improvements24x7-real-time-intelligence-monitoring

4. Threat Intelligence in Action

Finally, our series wraps up with specific demonstrations of elements of TI programs, including:

Threat Intelligence in Action

  • A high-quality threat intelligence data feed
    • Showing key elements coverage, categorization, confirmation, fuller context including both real-time and historical data
  • A threat intelligence operations platform
    • Showing key elements of targeted collection, multiple sources of intelligence processing and tiered review of analysis
  • A threat intelligence analysis and threat scoring can be done
    • Showing comprehensive customization and transparency of actionable intelligence
  • A cyber attack surface assessment collection, correlation and reporting system
    • Showing how organizational foot printing combined with assessment of cyber, credentials, phishing and vulnerabilities in an automated process can be leveraged
  • A threat mitigation system leveraging automated threat intelligence
    • Showing automation of large scale threat intelligence data while managing rule lifecycles to reduce impact on operational teams

Watch Part 4 of the webinar series now

In a nutshell

Threat Intelligence programs require focus on the requirements, framework, program details, and ultimately the metrics that measure their effectiveness. LookingGlass has 20+ years of significant experience in designing threat intelligence programs, as well as in supporting our customers TI programs.

Please reach out to me (@Tweet_A_T) or the LookingGlass team for more information, or leave a comment on this blog!

Additional Posts

Cyber Attack Surface Analysis

The LookingGlass® Supplier Cyber Attack Surface Analysis provides organizations with a ...

Reston-Based LookingGlass Raises $26.3 Million in Equity and Debt Funding

LookingGlass Cyber Solutions, the Reston-based developer of a threat intelligence management ...